From e63c50b1f373a48ed3d69d2a03ebd2c286718e31 Mon Sep 17 00:00:00 2001 From: Stanislav Klima Date: Wed, 10 Jan 2024 14:45:13 +0100 Subject: [PATCH 1/2] fixed double free happening during EvictSessionFromCache --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index 7a352db3a..242118b8d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -19774,6 +19774,7 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) #ifdef HAVE_SESSION_TICKET if (session->ticketLenAlloc > 0) { XFREE(session->ticket, session->heap, DYNAMIC_TYPE_SESSION_TICK); + session->ticketLenAlloc = 0; } #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) From 909b437571adde6159df07fcc19f5cda757721f2 Mon Sep 17 00:00:00 2001 From: Stanislav Klima Date: Thu, 11 Jan 2024 19:59:12 +0100 Subject: [PATCH 2/2] cleared ticket and ticketNonce --- src/ssl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 242118b8d..1cdd8b3b2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -19774,6 +19774,8 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) #ifdef HAVE_SESSION_TICKET if (session->ticketLenAlloc > 0) { XFREE(session->ticket, session->heap, DYNAMIC_TYPE_SESSION_TICK); + session->ticket = session->staticTicket; + session->ticketLen = 0; session->ticketLenAlloc = 0; } #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ @@ -19781,6 +19783,8 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) if (session->ticketNonce.data != session->ticketNonce.dataStatic) { XFREE(session->ticketNonce.data, session->heap, DYNAMIC_TYPE_SESSION_TICK); + session->ticketNonce.data = session->ticketNonce.dataStatic; + session->ticketNonce.len = 0; } #endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ #endif