Avoid leaking peername data via accept BIOs
authorViktor Dukhovni <openssl-users@dukhovni.org>
Fri, 9 Feb 2018 23:34:33 +0000 (18:34 -0500)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Sat, 10 Feb 2018 02:06:18 +0000 (21:06 -0500)
Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/bio/bss_acpt.c

index e426ecd..72ad6a1 100644 (file)
@@ -275,6 +275,11 @@ static int acpt_state(BIO *b, BIO_ACCEPT *c)
             BIO_clear_retry_flags(b);
             b->retry_reason = 0;
 
+            OPENSSL_free(c->cache_peer_name);
+            c->cache_peer_name = NULL;
+            OPENSSL_free(c->cache_peer_serv);
+            c->cache_peer_serv = NULL;
+
             s = BIO_accept_ex(c->accept_sock, &c->cache_peer_addr,
                               c->accepted_mode);