mirror of
https://github.com/adulau/ssldump.git
synced 2024-11-22 01:17:04 +00:00
Avoid leak by freeing SSL decoding context properly
parent
8ef5540e58
commit
96021582f4
7 changed files with 43 additions and 3 deletions
|
@ -86,17 +86,22 @@ int network_handler_create(mod,handlerp)
|
||||||
_status=0;
|
_status=0;
|
||||||
abort:
|
abort:
|
||||||
if(_status){
|
if(_status){
|
||||||
network_handler_destroy(&handler);
|
network_handler_destroy(mod, &handler);
|
||||||
}
|
}
|
||||||
return(_status);
|
return(_status);
|
||||||
}
|
}
|
||||||
|
|
||||||
int network_handler_destroy(handlerp)
|
int network_handler_destroy(mod,handlerp)
|
||||||
|
proto_mod *mod;
|
||||||
n_handler **handlerp;
|
n_handler **handlerp;
|
||||||
{
|
{
|
||||||
|
n_handler *handler=0;
|
||||||
if(!handlerp || !*handlerp)
|
if(!handlerp || !*handlerp)
|
||||||
return(0);
|
return(0);
|
||||||
|
|
||||||
|
handler = *handlerp;
|
||||||
|
|
||||||
|
mod->vtbl->destroy_ctx(mod->handle,&handler->ctx);
|
||||||
free(*handlerp);
|
free(*handlerp);
|
||||||
*handlerp=0;
|
*handlerp=0;
|
||||||
return(0);
|
return(0);
|
||||||
|
|
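Review bot: In `network_handler_destroy` the new call `mod->vtbl->destroy_ctx(mod->handle,&handler->ctx);` dereferences `mod`, the `destroy_ctx` slot and the context without checking any of them. The function is also reached from the `abort:` path of `network_handler_create`, where the handler may be only partly set up. The creation code is outside this hunk, so whether `handler->ctx` is always valid there cannot be confirmed, but the SSL destroy routine added in this commit dereferences the context unconditionally, so a failed create would likely crash instead of cleaning up. A guard such as `if(mod && mod->vtbl->destroy_ctx && handler->ctx) mod->vtbl->destroy_ctx(mod->handle,&handler->ctx);` keeps the teardown safe, including for modules that provide no context destructor.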
|
@ -75,7 +75,7 @@ typedef struct packet_ packet;
|
||||||
|
|
||||||
int network_handler_create PROTO_LIST((proto_mod *mod,
|
int network_handler_create PROTO_LIST((proto_mod *mod,
|
||||||
n_handler **handlerp));
|
n_handler **handlerp));
|
||||||
int network_handler_destroy PROTO_LIST((n_handler **handlerp));
|
int network_handler_destroy PROTO_LIST((proto_mod *mod,n_handler **handlerp));
|
||||||
int network_process_packet PROTO_LIST((n_handler *handler,
|
int network_process_packet PROTO_LIST((n_handler *handler,
|
||||||
struct timeval *timestamp,UCHAR *data,int length));
|
struct timeval *timestamp,UCHAR *data,int length));
|
||||||
int packet_copy PROTO_LIST((packet *in,packet **out));
|
int packet_copy PROTO_LIST((packet *in,packet **out));
|
||||||
|
|
|
@ -141,6 +141,8 @@ void sig_handler(int sig)
|
||||||
if(freed_conn && !(NET_print_flags & NET_PRINT_JSON))
|
if(freed_conn && !(NET_print_flags & NET_PRINT_JSON))
|
||||||
printf("Cleaned %d remaining connection(s) from connection pool\n", freed_conn);
|
printf("Cleaned %d remaining connection(s) from connection pool\n", freed_conn);
|
||||||
|
|
||||||
|
network_handler_destroy(mod, &n);
|
||||||
|
|
||||||
if(p)
|
if(p)
|
||||||
pcap_close(p);
|
pcap_close(p);
|
||||||
if(interface_name)
|
if(interface_name)
|
||||||
|
@ -496,6 +498,7 @@ int main(argc,argv)
|
||||||
if(freed_conn && !(NET_print_flags & NET_PRINT_JSON))
|
if(freed_conn && !(NET_print_flags & NET_PRINT_JSON))
|
||||||
printf("Cleaned %d remaining connection(s) from connection pool\n", freed_conn);
|
printf("Cleaned %d remaining connection(s) from connection pool\n", freed_conn);
|
||||||
|
|
||||||
|
network_handler_destroy(mod, &n);
|
||||||
pcap_close(p);
|
pcap_close(p);
|
||||||
|
|
||||||
free(n);
|
free(n);
|
||||||
|
|
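Review bot: The `network_handler_destroy(mod, &n);` call added to `sig_handler` runs `free()`, `fclose()` and the OpenSSL free routines from signal context, and none of these are async-signal-safe. If the signal interrupts packet processing while the allocator or the decoding context is in use, the teardown can corrupt the heap or free state the interrupted code still holds; how the handler ends is outside the hunk. A safer shape is for the handler to only set a `volatile sig_atomic_t` flag (or call `pcap_breakloop(p)`) and leave the cleanup to the normal exit path in `main`. In the `main` hunk the existing `free(n);` is now a no-op, because `network_handler_destroy` already frees the handler and zeroes `n`, so it can be dropped.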
|
@ -62,6 +62,7 @@ struct proto_mod_vtbl_ {
|
||||||
proto_obj **objp,
|
proto_obj **objp,
|
||||||
struct in_addr *i_addr,u_short i_port,
|
struct in_addr *i_addr,u_short i_port,
|
||||||
struct in_addr *r_addr,u_short r_port,struct timeval *time_base));
|
struct in_addr *r_addr,u_short r_port,struct timeval *time_base));
|
||||||
|
int (*destroy_ctx) PROTO_LIST((void *handle,proto_ctx **ctxp));
|
||||||
int (*destroy) PROTO_LIST((proto_obj **objp));
|
int (*destroy) PROTO_LIST((proto_obj **objp));
|
||||||
int (*data) PROTO_LIST((proto_obj *obj,segment *data,int direction));
|
int (*data) PROTO_LIST((proto_obj *obj,segment *data,int direction));
|
||||||
int (*close) PROTO_LIST((proto_obj *obj,packet *p,int direction));
|
int (*close) PROTO_LIST((proto_obj *obj,packet *p,int direction));
|
||||||
|
|
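Review bot: `destroy_ctx` is inserted in the middle of `struct proto_mod_vtbl_`, and the one table visible in this commit, `ssl_vtbl`, is initialised positionally, so any other module table not updated in the same change would have every later slot shifted by one. Only the SSL table is shown here, so whether other tables exist is not confirmed. Designated initialisers, or appending the new slot at the end of the struct, would remove that hazard. The slot also needs a contract comment, for example `/* releases the context created by create_ctx */`, which should state whether a module may leave the slot NULL.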
|
@ -61,6 +61,7 @@ static int create_ssl_analyzer PROTO_LIST((void *handle,
|
||||||
proto_ctx *ctx,tcp_conn *conn,proto_obj **objp,
|
proto_ctx *ctx,tcp_conn *conn,proto_obj **objp,
|
||||||
struct in_addr *i_addr,u_short i_port,
|
struct in_addr *i_addr,u_short i_port,
|
||||||
struct in_addr *r_addr,u_short r_port, struct timeval *base_time));
|
struct in_addr *r_addr,u_short r_port, struct timeval *base_time));
|
||||||
|
static int destroy_ssl_ctx PROTO_LIST((void *handle,proto_ctx **ctxp));
|
||||||
static int destroy_ssl_analyzer PROTO_LIST((proto_obj **objp));
|
static int destroy_ssl_analyzer PROTO_LIST((proto_obj **objp));
|
||||||
static int read_ssl_record PROTO_LIST((ssl_obj *obj,r_queue *q,segment *seg,
|
static int read_ssl_record PROTO_LIST((ssl_obj *obj,r_queue *q,segment *seg,
|
||||||
int offset,segment **lastp,int *offsetp));
|
int offset,segment **lastp,int *offsetp));
|
||||||
|
@ -228,6 +229,15 @@ static int create_ssl_ctx(handle,ctxp)
|
||||||
return(_status);
|
return(_status);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int destroy_ssl_ctx(handle,ctxp)
|
||||||
|
void *handle;
|
||||||
|
proto_ctx **ctxp;
|
||||||
|
{
|
||||||
|
ssl_decode_ctx *ctx=0;
|
||||||
|
ctx=(ssl_decode_ctx *) *ctxp;
|
||||||
|
ssl_decode_ctx_destroy(&ctx);
|
||||||
|
}
|
||||||
|
|
||||||
static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
|
static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
|
||||||
proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr,
|
proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr,
|
||||||
u_short r_port, struct timeval *base_time)
|
u_short r_port, struct timeval *base_time)
|
||||||
|
@ -635,6 +645,7 @@ static struct proto_mod_vtbl_ ssl_vtbl ={
|
||||||
parse_ssl_flag,
|
parse_ssl_flag,
|
||||||
create_ssl_ctx,
|
create_ssl_ctx,
|
||||||
create_ssl_analyzer,
|
create_ssl_analyzer,
|
||||||
|
destroy_ssl_ctx,
|
||||||
destroy_ssl_analyzer,
|
destroy_ssl_analyzer,
|
||||||
data_ssl_analyzer,
|
data_ssl_analyzer,
|
||||||
close_ssl_analyzer,
|
close_ssl_analyzer,
|
||||||
|
|
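Review bot: `destroy_ssl_ctx` (second hunk) is declared `int` but falls off the end without a `return`, and it destroys a local copy of the pointer, so `*ctxp` still points at freed memory when it returns. The caller in this commit ignores the result and frees the handler straight away, so nothing reads either value today, but a later caller that checks the status or reuses the context pointer would hit undefined behaviour. Ending the function with `*ctxp=0;` and `return(0);` (or returning the status of `ssl_decode_ctx_destroy`) closes both gaps. A guard `if(!ctxp || !*ctxp) return(0);` at the top would also match the style of `network_handler_destroy`.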
|
@ -191,6 +191,25 @@ int ssl_decode_ctx_create(dp,keyfile,pass,keylogfile)
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int ssl_decode_ctx_destroy(dp)
|
||||||
|
ssl_decode_ctx **dp;
|
||||||
|
{
|
||||||
|
#ifdef OPENSSL
|
||||||
|
ssl_decode_ctx *d = *dp;
|
||||||
|
if(d->ssl_key_log_file) {
|
||||||
|
fclose(d->ssl_key_log_file);
|
||||||
|
}
|
||||||
|
|
||||||
|
r_assoc *x = d->session_cache;
|
||||||
|
r_assoc_destroy(&d->session_cache);
|
||||||
|
|
||||||
|
SSL_CTX_free(d->ssl_ctx);
|
||||||
|
SSL_free(d->ssl);
|
||||||
|
free(d);
|
||||||
|
#endif
|
||||||
|
return(0);
|
||||||
|
}
|
||||||
|
|
||||||
int ssl_decoder_create(dp,ctx)
|
int ssl_decoder_create(dp,ctx)
|
||||||
ssl_decoder **dp;
|
ssl_decoder **dp;
|
||||||
ssl_decode_ctx *ctx;
|
ssl_decode_ctx *ctx;
|
||||||
|
|
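Review bot: `ssl_decode_ctx_destroy` dereferences `*dp` with no NULL check and never clears it, so a call on a context that was never created crashes and a second call is a double free. Adding `if(!dp || !*dp) return(0);` at the top and `*dp=0;` after `free(d);` makes the destructor idempotent, matching `network_handler_destroy`. The local `r_assoc *x = d->session_cache;` is never used and can be removed. The results of `fclose()` and `r_assoc_destroy()` are ignored, and a short comment stating that teardown is best-effort would make that intentional.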
|
@ -52,6 +52,7 @@
|
||||||
|
|
||||||
int ssl_decode_ctx_create PROTO_LIST((ssl_decode_ctx **ctx,
|
int ssl_decode_ctx_create PROTO_LIST((ssl_decode_ctx **ctx,
|
||||||
char *keyfile,char *password,char *keylogfile));
|
char *keyfile,char *password,char *keylogfile));
|
||||||
|
int ssl_decode_ctx_destroy(ssl_decode_ctx **dp);
|
||||||
int ssl_decoder_destroy PROTO_LIST((ssl_decoder **dp));
|
int ssl_decoder_destroy PROTO_LIST((ssl_decoder **dp));
|
||||||
int ssl_decoder_create PROTO_LIST((ssl_decoder **dp,ssl_decode_ctx *ctx));
|
int ssl_decoder_create PROTO_LIST((ssl_decoder **dp,ssl_decode_ctx *ctx));
|
||||||
int ssl_set_client_random PROTO_LIST((ssl_decoder *dp,
|
int ssl_set_client_random PROTO_LIST((ssl_decoder *dp,
|
||||||
|
|
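Review bot: The new prototype `int ssl_decode_ctx_destroy(ssl_decode_ctx **dp);` is written as a plain ANSI declaration while every neighbouring declaration goes through `PROTO_LIST`. For consistency with the rest of the header it should read `int ssl_decode_ctx_destroy PROTO_LIST((ssl_decode_ctx **dp));`. A one-line comment saying that the function frees the context is also worth adding, since callers need to know that ownership ends there.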