The branch master has been updated via e7c27a6c3716843f8412fd96311b70ac84b785f9 (commit) from f1d1903dd3dd1d68a5eae190b8c2a88bfe0a68ac (commit)
- Log ----------------------------------------------------------------- commit e7c27a6c3716843f8412fd96311b70ac84b785f9 Author: NaveenShivanna86 <navin.shiva...@gmail.com> Date: Wed Aug 21 11:58:29 2019 +0530 'init_buf' memory can be freed when DTLS is used over SCTP (not over UDP). Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Matthias St. Pierre <matthias.st.pie...@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9653) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_lib.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 898c608170..d2f7aab2ad 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1039,14 +1039,25 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) int cleanuphand = s->statem.cleanuphand; if (clearbufs) { - if (!SSL_IS_DTLS(s)) { + if (!SSL_IS_DTLS(s) +#ifndef OPENSSL_NO_SCTP /* - * We don't do this in DTLS because we may still need the init_buf + * RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS + * messages that require it. Therefore, DTLS procedures for retransmissions + * MUST NOT be used. + * Hence the init_buf can be cleared when DTLS over SCTP as transport is used. + */ + || BIO_dgram_is_sctp(SSL_get_wbio(s)) +#endif + ) { + /* + * We don't do this in DTLS over UDP because we may still need the init_buf * in case there are any unexpected retransmits */ BUF_MEM_free(s->init_buf); s->init_buf = NULL; } + if (!ssl_free_wbio_buffer(s)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE, ERR_R_INTERNAL_ERROR);