Rework SNI to fix memory issues

2024-11-22 16:55:42 +01:00 · 2013-09-24 22:30:56 +02:00 · 2013-09-24 22:30:56 +02:00 · 8372454615
commit 8372454615
parent b095a7bf29
3 changed files with 39 additions and 11 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -493,8 +493,16 @@ struct _ssl_handshake_params
    const ecp_curve_info **curves;      /*!<  Supported elliptic curves */
 #endif
 #if defined(POLARSSL_X509_CRT_PARSE_C)
-    ssl_key_cert *key_cert;             /*!<  Own key/cert in use     */
-    int free_key_cert;                  /*!<  Shall we free key_cert? */
+    /**
+     * Current key/cert or key/cert list.
+     * On client: pointer to ssl->key_cert, only the first entry used.
+     * On server: starts as a pointer to ssl->key_cert, then becomes
+     * a pointer to the chosen key from this list or the SNI list.
+     */
+    ssl_key_cert *key_cert;
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+    ssl_key_cert *sni_key_cert;         /*!<  key/cert list from SNI  */
+#endif
 #endif

    /*
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -339,8 +339,8 @@ static int ssl_parse_ticket( ssl_context *ssl,

 #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
 /*
- * Wrapper around f_sni, allowing use of
- * ssl_set_own_cert() but making it act on ssl->hanshake->key_cert instead.
+ * Wrapper around f_sni, allowing use of ssl_set_own_cert() but
+ * making it act on ssl->hanshake->sni_key_cert instead.
 */
 static int ssl_sni_wrapper( ssl_context *ssl,
                            const unsigned char* name, size_t len )
@ -350,8 +350,7 @@ static int ssl_sni_wrapper( ssl_context *ssl,

    ssl->key_cert = NULL;
    ret = ssl->f_sni( ssl->p_sni, ssl, name, len );
-    ssl->handshake->key_cert = ssl->key_cert;
-    ssl->handshake->free_key_cert = 1;
+    ssl->handshake->sni_key_cert = ssl->key_cert;

    ssl->key_cert = key_cert_ori;

@ -933,13 +932,20 @@ static int ssl_key_matches_curves( pk_context *pk,
 static int ssl_pick_cert( ssl_context *ssl,
                          const ssl_ciphersuite_t * ciphersuite_info )
 {
-    ssl_key_cert *cur;
+    ssl_key_cert *cur, *list;
    pk_type_t pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );

+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+    if( ssl->handshake->sni_key_cert != NULL )
+        list = ssl->handshake->sni_key_cert;
+    else
+#endif
+        list = ssl->handshake->key_cert;
+
    if( pk_alg == POLARSSL_PK_NONE )
        return( 0 );

-    for( cur = ssl->key_cert; cur != NULL; cur = cur->next )
+    for( cur = list; cur != NULL; cur = cur->next )
    {
        if( ! pk_can_do( cur->key, pk_alg ) )
            continue;
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4170,9 +4170,23 @@ void ssl_handshake_free( ssl_handshake_params *handshake )
    polarssl_free( handshake->curves );
 #endif

-#if defined(POLARSSL_X509_CRT_PARSE_C)
-    if( handshake->free_key_cert != 0 )
-        ssl_key_cert_free( handshake->key_cert );
+#if defined(POLARSSL_X509_CRT_PARSE_C) && \
+    defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+    /*
+     * Free only the linked list wrapper, not the keys themselves
+     * since the belong to the SNI callback
+     */
+    if( handshake->sni_key_cert != NULL )
+    {
+        ssl_key_cert *cur = handshake->sni_key_cert, *next;
+
+        while( cur != NULL )
+        {
+            next = cur->next;
+            polarssl_free( cur );
+            cur = next;
+        }
+    }
 #endif

    memset( handshake, 0, sizeof( ssl_handshake_params ) );