commit 83abdd6e58eebba120aa80e8e855b65dfe776d95
author David Benjamin <davidben@chromium.org> Thu Dec 04 16:23:32 2014 -0500
committer Adam Langley <agl@google.com> Fri Dec 05 17:26:48 2014 +0000
tree b6c903338a8812e68d82b4bdd27ab45738193639
parent e518f65d2c92fe3c9ebc1ba546c75926e7f2659e

Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask

PR#3608

(Imported from upstream's 8a35dbb6d89a16d792b79b157b3e89443639ec94.)

Change-Id: Iab9d91f9b96793f2275a23770f1275ff4edf0386
Reviewed-on: https://boringssl-review.googlesource.com/2476
Reviewed-by: Adam Langley <agl@google.com>

ssl/d1_both.c

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 327a1ac..c75bad8 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -214,8 +214,7 @@
 	return frag;
 	}
 
-static void
-dtls1_hm_fragment_free(hm_fragment *frag)
+void dtls1_hm_fragment_free(hm_fragment *frag)
 	{
 
 	if (frag->msg_header.is_ccs)

ssl/d1_lib.c

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index d3d585f..c05cdb0 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -192,16 +192,14 @@
     while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
         {
         frag = (hm_fragment *)item->data;
-        OPENSSL_free(frag->fragment);
-        OPENSSL_free(frag);
+        dtls1_hm_fragment_free(frag);
         pitem_free(item);
         }
 
     while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
         {
         frag = (hm_fragment *)item->data;
-        OPENSSL_free(frag->fragment);
-        OPENSSL_free(frag);
+        dtls1_hm_fragment_free(frag);
         pitem_free(item);
         }
 

ssl/ssl_locl.h

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 4adc2c8..e8fbf19 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -929,6 +929,7 @@
 int dtls1_is_timer_expired(SSL *s);
 void dtls1_double_timeout(SSL *s);
 unsigned int dtls1_min_mtu(void);
+void dtls1_hm_fragment_free(hm_fragment *frag);
 
 /* some client-only functions */