Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mbedtld: release sessionid resources on error #3574

Closed

Conversation

danielgustafsson
Copy link
Member

If mbedtls_ssl_get_session() fails, it may still have allocated memory that needs to be freed to avoid leaking. Call the library API function to release session resources on this errorpath as well as on Curl_ssl_addsessionid() errors.

Closes: #xxxx
Reported-by: Michał Antoniak M.Antoniak@posnet.com

If mbedtls_ssl_get_session() fails, it may still have allocated
memory that needs to be freed to avoid leaking. Call the library
API function to release session resources on this errorpath as
well as on Curl_ssl_addsessionid() errors.

Closes: #xxxx
Reported-by: Michał Antoniak <M.Antoniak@posnet.com>
Copy link
Member

@bagder bagder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These functions are ridiculously badly documented by mbedTLS, but based on existing example code and educated guesses I think this is a step forward.

@jay
Copy link
Member

jay commented Feb 15, 2019

s/mbedtld/mbedtls

@lock lock bot locked as resolved and limited conversation to collaborators May 17, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants