fix for memory leak with new wolfSSL_get_client_ciphers function

wolfSSL · Jan 21, 2025 · 701c1f9 · 701c1f9
1 parent bd6d53d
commit 701c1f9
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 4 deletions.
diff --git a/src/internal.c b/src/internal.c
@@ -8369,6 +8369,12 @@ void FreeSuites(WOLFSSL* ssl)
         wolfSSL_sk_SSL_CIPHER_free(ssl->suitesStack);
         ssl->suitesStack = NULL;
     }
+    if (ssl->clSuitesStack != NULL) {
+        /* Enough to free stack structure since WOLFSSL_CIPHER
+         * isn't allocated separately. */
+        wolfSSL_sk_SSL_CIPHER_free(ssl->clSuitesStack);
+        ssl->clSuitesStack = NULL;
+    }
 #endif
 #ifdef OPENSSL_EXTRA
     XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);

diff --git a/src/ssl.c b/src/ssl.c
@@ -21967,6 +21967,8 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
 #ifdef OPENSSL_ALL
+/* returned pointer is to an internal element in WOLFSSL struct and should not
+ * be free'd. It gets free'd when the WOLFSSL struct is free'd. */
 WOLF_STACK_OF(WOLFSSL_CIPHER)*  wolfSSL_get_client_ciphers(WOLFSSL* ssl)
 {
     WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL;
@@ -21989,7 +21991,10 @@ WOLF_STACK_OF(WOLFSSL_CIPHER)*  wolfSSL_get_client_ciphers(WOLFSSL* ssl)
     if (suites == NULL) {
         WOLFSSL_MSG("No client suites stored");
     }
-    else {
+    else if (ssl->clSuitesStack != NULL) {
+        ret = ssl->clSuitesStack;
+    }
+    else { /* generate cipher suites stack if not already done */
         int i;
         int j;
 
@@ -22031,7 +22036,7 @@ WOLF_STACK_OF(WOLFSSL_CIPHER)*  wolfSSL_get_client_ciphers(WOLFSSL* ssl)
                 else {
                     add->num = 1;
                 }
-                ret = add;
+                ssl->clSuitesStack = ret = add;
             }
         }
     }

diff --git a/tests/api.c b/tests/api.c
@@ -61392,8 +61392,8 @@ static int test_wolfSSL_get_client_ciphers(void)
     test_ssl_cbf server_cb;
     test_ssl_cbf client_cb;
 
-    XMEMSET(&client_cb, 0, sizeof(callback_functions));
-    XMEMSET(&server_cb, 0, sizeof(callback_functions));
+    XMEMSET(&client_cb, 0, sizeof(test_ssl_cbf));
+    XMEMSET(&server_cb, 0, sizeof(test_ssl_cbf));
     client_cb.method = wolfSSLv23_client_method;
     server_cb.method = wolfSSLv23_server_method;
     client_cb.devId = testDevId;

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
@@ -5790,6 +5790,8 @@ struct WOLFSSL {
     defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
     WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher
                                                  * suites */
+    WOLF_STACK_OF(WOLFSSL_CIPHER)* clSuitesStack; /* stack of client cipher
+                                                   * suites */
 #endif
     Arrays*         arrays;
 #ifdef WOLFSSL_TLS13