author | lloyd <[email protected]> | 2011-12-27 16:30:40 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2011-12-27 16:30:40 +0000 |
commit | fa5529e90a5e6cc48cca7669018d574802e13f08 (patch) | |
tree | 4993c9fd25d2bc0bc2a7c98666a061c04beb9d8a | |
parent | c72b3f5afbebd8615884228f938c7cb270f5669e (diff) |
Avoid a memory leak if we were using DHE - kex_priv would get a copy
of the server key and then we'd immediately overwrite the pointer.
-rw-r--r-- | src/tls/tls_server.cpp | 40 | ||||
-rw-r--r-- | src/tls/tls_state.h | 5 |
2 files changed, 22 insertions, 23 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 141ff6cba..6b86aab59 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -146,28 +146,28 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
 state->hash);
 }
- state->kex_priv = PKCS8::copy_key(*private_key, rng);
- if(state->suite.kex_type() != TLS_ALGO_KEYEXCH_NOKEX)
+ if(state->suite.kex_type() == TLS_ALGO_KEYEXCH_NOKEX)
 {
- if(state->suite.kex_type() == TLS_ALGO_KEYEXCH_RSA)
- {
- state->kex_priv = new RSA_PrivateKey(rng,
- policy.rsa_export_keysize());
- }
- else if(state->suite.kex_type() == TLS_ALGO_KEYEXCH_DH)
- {
- state->kex_priv = new DH_PrivateKey(rng, policy.dh_group());
- }
- else
- throw Internal_Error("TLS_Server: Unknown ciphersuite kex type");
-
- state->server_kex =
- new Server_Key_Exchange(rng, writer,
- state->kex_priv, private_key,
- state->client_hello->random(),
- state->server_hello->random(),
- state->hash);
+ state->kex_priv = PKCS8::copy_key(*private_key, rng);
 }
+ else if(state->suite.kex_type() == TLS_ALGO_KEYEXCH_RSA)
+ {
+ // this seems, er, non-optimal...
+ state->kex_priv = new RSA_PrivateKey(rng, policy.rsa_export_keysize());
+ }
+ else if(state->suite.kex_type() == TLS_ALGO_KEYEXCH_DH)
+ {
+ state->kex_priv = new DH_PrivateKey(rng, policy.dh_group());
+ }
+ else
+ throw Internal_Error("TLS_Server: Unknown ciphersuite kex type");
+
+ state->server_kex =
+ new Server_Key_Exchange(rng, writer,
+ state->kex_priv, private_key,
+ state->client_hello->random(),
+ state->server_hello->random(),
+ state->hash);
 if(policy.require_client_auth())
 {
diff --git a/src/tls/tls_state.h b/src/tls/tls_state.h
index 523dfed9c..1d6fc4c9e 100644
--- a/src/tls/tls_state.h
+++ b/src/tls/tls_state.h
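Review bot: The `state->server_kex = new Server_Key_Exchange(...)` statement at the end of the tls_server.cpp hunk now follows the whole if/else chain, so as far as the flattened indentation shows it also runs when `kex_type()` is `TLS_ALGO_KEYEXCH_NOKEX`; the removed code built that message only inside the `!= TLS_ALGO_KEYEXCH_NOKEX` branch. In the NOKEX case `kex_priv` is a copy of the server's long-term private key, so a key-exchange message would be constructed from it where none was before, and the commit message (a leak fix) does not mention that change. If it is unintended, keep the guard by wrapping the assignment in `if(state->suite.kex_type() != TLS_ALGO_KEYEXCH_NOKEX)`. The added comment `// this seems, er, non-optimal...` should say what is wrong, for example `// FIXME: a new RSA key of export size is generated for each handshake that takes this branch`. process_handshake_msg starts and ends outside the hunk.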
@@ -5,8 +5,8 @@
 * Released under the terms of the Botan license
 */
-#ifndef BOTAN_TLS_HANDSHAKE_H__
-#define BOTAN_TLS_HANDSHAKE_H__
+#ifndef BOTAN_TLS_HANDSHAKE_STATE_H__
+#define BOTAN_TLS_HANDSHAKE_STATE_H__
 #include <botan/internal/tls_messages.h>
 #include <botan/secqueue.h>
@@ -50,7 +50,6 @@ class Handshake_State
 SecureQueue queue;
 Version_Code version;
- //bool got_client_ccs, got_server_ccs, do_client_auth;
 private:
 u32bit hand_expecting_mask, hand_received_mask;
 }; |