fix for memory leak with new wolfSSL_get_client_ciphers function

2025-07-30 02:37:28 +02:00 · 2025-01-20 22:06:52 -07:00
parent 49c515ac58
commit 2812baf5a9
4 changed files with 17 additions and 4 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -8369,6 +8369,12 @@ void FreeSuites(WOLFSSL* ssl)
        wolfSSL_sk_SSL_CIPHER_free(ssl->suitesStack);
        ssl->suitesStack = NULL;
    }
+    if (ssl->clSuitesStack != NULL) {
+        /* Enough to free stack structure since WOLFSSL_CIPHER
+         * isn't allocated separately. */
+        wolfSSL_sk_SSL_CIPHER_free(ssl->clSuitesStack);
+        ssl->clSuitesStack = NULL;
+    }
 #endif
 #ifdef OPENSSL_EXTRA
    XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
--- a/src/ssl.c
+++ b/src/ssl.c
@ -21931,6 +21931,8 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
 }
 #endif /* OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
 #ifdef OPENSSL_ALL
+/* returned pointer is to an internal element in WOLFSSL struct and should not
+ * be free'd. It gets free'd when the WOLFSSL struct is free'd. */
 WOLF_STACK_OF(WOLFSSL_CIPHER)*  wolfSSL_get_client_ciphers(WOLFSSL* ssl)
 {
    WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL;
@ -21953,7 +21955,10 @@ WOLF_STACK_OF(WOLFSSL_CIPHER)*  wolfSSL_get_client_ciphers(WOLFSSL* ssl)
    if (suites == NULL) {
        WOLFSSL_MSG("No client suites stored");
    }
-    else {
+    else if (ssl->clSuitesStack != NULL) {
+        ret = ssl->clSuitesStack;
+    }
+    else { /* generate cipher suites stack if not already done */
        int i;
        int j;

@ -21995,7 +22000,7 @@ WOLF_STACK_OF(WOLFSSL_CIPHER)*  wolfSSL_get_client_ciphers(WOLFSSL* ssl)
                else {
                    add->num = 1;
                }
-                ret = add;
+                ssl->clSuitesStack = ret = add;
            }
        }
    }
--- a/tests/api.c
+++ b/tests/api.c
@ -61401,8 +61401,8 @@ static int test_wolfSSL_get_client_ciphers(void)
    test_ssl_cbf server_cb;
    test_ssl_cbf client_cb;

-    XMEMSET(&client_cb, 0, sizeof(callback_functions));
-    XMEMSET(&server_cb, 0, sizeof(callback_functions));
+    XMEMSET(&client_cb, 0, sizeof(test_ssl_cbf));
+    XMEMSET(&server_cb, 0, sizeof(test_ssl_cbf));
    client_cb.method = wolfSSLv23_client_method;
    server_cb.method = wolfSSLv23_server_method;
    client_cb.devId = testDevId;
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -5792,6 +5792,8 @@ struct WOLFSSL {
    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher
                                                 * suites */
+    WOLF_STACK_OF(WOLFSSL_CIPHER)* clSuitesStack; /* stack of client cipher
+                                                   * suites */
 #endif
    Arrays*         arrays;
 #ifdef WOLFSSL_TLS13