Fix memory leak in session cache test
authorBenjamin Kaduk <bkaduk@akamai.com>
Wed, 9 Aug 2017 17:19:06 +0000 (12:19 -0500)
committerBenjamin Kaduk <kaduk@mit.edu>
Wed, 9 Aug 2017 18:50:02 +0000 (13:50 -0500)
When we are using the internal cache we have to make a copy of the
session before removing it from the parent context's cache, since
we want our copy to still be resumable.  However, SSL_CTX_remove_session()
just detaches the session from the SSL_CTX; it does not free the session.
So, we must call SSL_SESSION_free() ourselves before overwriting the
variable that we dup'd from.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4126)

test/sslapitest.c

index e44e9c1..f7b0ad8 100644 (file)
@@ -992,10 +992,12 @@ static int execute_test_session(int maxprot, int use_int_cache,
          * the external cache. We take a copy first because
          * SSL_CTX_remove_session() also marks the session as non-resumable.
          */
-        if (use_int_cache
-                && (!TEST_ptr(tmp = SSL_SESSION_dup(sess2))
-                    || !TEST_true(SSL_CTX_remove_session(sctx, sess2))))
-            goto end;
+        if (use_int_cache) {
+            if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2))
+                    || !TEST_true(SSL_CTX_remove_session(sctx, sess2)))
+                goto end;
+            SSL_SESSION_free(sess2);
+        }
         sess2 = tmp;
     }