Fixed several memory leaks in ma_ssl.c
@@ -151,5 +151,6 @@ const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl);
|
||||
my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_list);
|
||||
my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio);
|
||||
my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version);
|
||||
void ma_pvio_ssl_end();
|
||||
|
||||
#endif /* _ma_ssl_h_ */
|
||||
|
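Review bot: `void ma_pvio_ssl_end();` declares the function without a prototype in C, so a call that passes arguments by mistake is not diagnosed; I would write `void ma_pvio_ssl_end(void);` here and on the definition. The definition added elsewhere in this commit also uses `return ma_ssl_end();` inside a void function, which ISO C does not permit; a plain `ma_ssl_end();` statement is enough.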
@@ -226,6 +226,9 @@ extern unsigned int mariadb_deinitialize_ssl;
|
||||
MARIADB_CLIENT_ERRORS,
|
||||
MARIADB_CLIENT_VERSION,
|
||||
MARIADB_CLIENT_VERSION_ID,
|
||||
MARIADB_CONNECTION_ERROR,
|
||||
MARIADB_CONNECTION_ERROR_ID,
|
||||
MARIADB_CONNECTION_SQLSTATE,
|
||||
MARIADB_CONNECTION_ASYNC_TIMEOUT,
|
||||
MARIADB_CONNECTION_ASYNC_TIMEOUT_MS,
|
||||
MARIADB_CONNECTION_HOST,
|
||||
@@ -239,6 +242,7 @@ extern unsigned int mariadb_deinitialize_ssl;
|
||||
MARIADB_CONNECTION_SERVER_VERSION_ID,
|
||||
MARIADB_CONNECTION_SOCKET,
|
||||
MARIADB_CONNECTION_SSL_CIPHER,
|
||||
MARIADB_CONNECTION_SSL_LIBRARY,
|
||||
MARIADB_CONNECTION_SSL_VERSION,
|
||||
MARIADB_CONNECTION_SSL_VERSION_ID,
|
||||
MARIADB_CONNECTION_TYPE,
|
||||
|
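Review bot: The new enumerators (three in the first hunk and one in the second, going by the hunk counts) are placed in the middle of what appears to be `enum mariadb_value`, which shifts the numeric value of every enumerator after them. An application built against the older header would pass the old numbers, and mariadb_get_infov would then write through `void *arg` with the type of whichever case now matches, for example a `size_t` or `char *` into storage the caller sized for something else. If this enum is already part of a released interface, I would append the new values at the end or give the enumerators explicit values. The enum starts and ends outside these hunks.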
@@ -3122,10 +3122,9 @@ mysql_get_optionv(MYSQL *mysql, enum mysql_option option, void *arg, ...)
|
||||
case MARIADB_OPT_SSL_PASSPHRASE:
|
||||
*((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_pw : NULL;
|
||||
break;
|
||||
/* todo
|
||||
case MARIADB_OPT_CONNECTION_READ_ONLY:
|
||||
*((my_bool *)arg)= mysql->options.extension ? mysql->options.extension->read_only : 0;
|
||||
break;
|
||||
*/
|
||||
case MARIADB_OPT_USERDATA:
|
||||
/* nysql_get_optionv(mysql, MARIADB_OPT_USERDATA, key, value) */
|
||||
{
|
||||
@@ -3450,6 +3449,9 @@ void STDCALL mysql_server_end(void)
|
||||
list_free(pvio_callback, 0);
|
||||
if (my_init_done)
|
||||
my_end(0);
|
||||
#ifdef HAVE_SSL
|
||||
ma_pvio_ssl_end();
|
||||
#endif
|
||||
mysql_client_init= 0;
|
||||
my_init_done= 0;
|
||||
}
|
||||
@@ -3570,6 +3572,21 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *
|
||||
case MARIADB_NET_BUFFER_LENGTH:
|
||||
*((size_t *)arg)= (size_t)net_buffer_length;
|
||||
break;
|
||||
case MARIADB_CONNECTION_ERROR_ID:
|
||||
if (!mysql)
|
||||
goto error;
|
||||
*((unsigned int *)arg)= mysql->net.last_errno;
|
||||
break;
|
||||
case MARIADB_CONNECTION_ERROR:
|
||||
if (!mysql)
|
||||
goto error;
|
||||
*((char **)arg)= mysql->net.last_error;
|
||||
break;
|
||||
case MARIADB_CONNECTION_SQLSTATE:
|
||||
if (!mysql)
|
||||
goto error;
|
||||
*((char **)arg)= mysql->net.sqlstate;
|
||||
break;
|
||||
case MARIADB_CONNECTION_SSL_VERSION:
|
||||
#ifdef HAVE_SSL
|
||||
if (mysql && mysql->net.pvio && mysql->net.pvio->cssl)
|
||||
@@ -3594,6 +3611,19 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *
|
||||
#endif
|
||||
goto error;
|
||||
break;
|
||||
case MARIADB_CONNECTION_SSL_LIBRARY:
|
||||
#ifdef HAVE_SSL
|
||||
#ifdef HAVE_GNUTLS
|
||||
*((char **)arg)= "GNUTLS";
|
||||
#elif HAVE_OPENSSL
|
||||
*((char **)arg)= "OPENSSL";
|
||||
#elif HAVE_SCHANNEL
|
||||
*((char **)arg)= "SCHANNEL";
|
||||
#endif
|
||||
#else
|
||||
*((char **)arg)= "OFF";
|
||||
#endif
|
||||
break;
|
||||
case MARIADB_CLIENT_VERSION:
|
||||
*((char **)arg)= MYSQL_CLIENT_VERSION;
|
||||
break;
|
||||
|
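Review bot: In the MARIADB_CONNECTION_SSL_LIBRARY case, a build that defines HAVE_SSL but none of HAVE_GNUTLS, HAVE_OPENSSL or HAVE_SCHANNEL stores nothing in `*arg` and still reaches `break`, so the caller presumably gets a success return with an unset pointer. test_ssl_version in this commit passes that pointer straight to `diag("library: %s", library)` without checking the return value. I would add an `#else` arm with `goto error;` before the inner `#endif`. The string literals are also handed out through `char **`; a `const char **` cast would keep callers from treating them as writable. mariadb_get_infov starts and ends outside the hunk.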
@@ -70,6 +70,7 @@ MARIADB_PVIO *ma_pvio_init(MA_PVIO_CINFO *cinfo)
|
||||
* Currently we support the following pvio types:
|
||||
* pvio_socket
|
||||
* pvio_namedpipe
|
||||
* pvio_sharedmed
|
||||
*/
|
||||
char *pvio_plugins[] = {"pvio_socket", "pvio_npipe", "pvio_shmem"};
|
||||
int type;
|
||||
|
@@ -78,7 +78,11 @@ MARIADB_SSL *ma_pvio_ssl_init(MYSQL *mysql)
|
||||
|
||||
my_bool ma_pvio_ssl_connect(MARIADB_SSL *cssl)
|
||||
{
|
||||
return ma_ssl_connect(cssl);
|
||||
my_bool rc;
|
||||
|
||||
if ((rc= ma_ssl_connect(cssl)))
|
||||
ma_ssl_close(cssl);
|
||||
return rc;
|
||||
}
|
||||
|
||||
size_t ma_pvio_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
|
||||
@@ -106,6 +110,11 @@ const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl)
|
||||
return ma_ssl_get_cipher(cssl);
|
||||
}
|
||||
|
||||
void ma_pvio_ssl_end()
|
||||
{
|
||||
return ma_ssl_end();
|
||||
}
|
||||
|
||||
my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version)
|
||||
{
|
||||
return ma_ssl_get_protocol_version(cssl, version);
|
||||
|
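Review bot: ma_pvio_ssl_connect now calls `ma_ssl_close(cssl)` itself when `ma_ssl_connect` fails, but nothing tells the caller that the backend session has already been torn down. A caller that still runs its own close on the failure path would release the same session twice; the callers are not on this page, so this needs checking against them. I would state the contract above the function, for example `/* returns 0 on success; on failure the TLS session has already been closed and must not be closed again */`.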
@@ -35,6 +35,7 @@ pthread_mutex_t LOCK_gnutls_config;
|
||||
|
||||
static gnutls_certificate_credentials_t GNUTLS_xcred;
|
||||
extern my_bool ma_ssl_initialized;
|
||||
extern unsigned int mariadb_deinitialize_ssl;
|
||||
|
||||
static int my_verify_callback(gnutls_session_t ssl);
|
||||
|
||||
@@ -137,7 +138,8 @@ void ma_ssl_end()
|
||||
gnutls_certificate_free_crls(GNUTLS_xcred);
|
||||
gnutls_certificate_free_ca_names(GNUTLS_xcred);
|
||||
gnutls_certificate_free_credentials(GNUTLS_xcred);
|
||||
gnutls_global_deinit();
|
||||
if (mariadb_deinitialize_ssl)
|
||||
gnutls_global_deinit();
|
||||
ma_ssl_initialized= FALSE;
|
||||
}
|
||||
pthread_mutex_unlock(&LOCK_gnutls_config);
|
||||
|
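Review bot: `mariadb_deinitialize_ssl` is declared here with no comment saying who sets it or what it protects, and ma_ssl_end now resets `ma_ssl_initialized` whether or not `gnutls_global_deinit()` ran. If the flag exists so that an application which uses the TLS library itself can keep its global state alive, a comment such as `/* 0: leave library-wide TLS state alone, the application owns it */` next to the declaration would say so. It is also worth confirming that a later re-initialisation does not call the global init again without a matching deinit. The same applies to the ma_ssl_end hunk in the OpenSSL file. ma_ssl_end starts outside the hunk.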
@@ -41,6 +41,7 @@
|
||||
#include <my_pthread.h>
|
||||
|
||||
extern my_bool ma_ssl_initialized;
|
||||
extern unsigned int mariadb_deinitialize_ssl;
|
||||
static SSL_CTX *SSL_context= NULL;
|
||||
|
||||
#define MAX_SSL_ERR_LEN 100
|
||||
@@ -226,14 +227,16 @@ void ma_ssl_end()
|
||||
SSL_CTX_free(SSL_context);
|
||||
SSL_context= NULL;
|
||||
}
|
||||
ERR_remove_state(0);
|
||||
EVP_cleanup();
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
ERR_free_strings();
|
||||
//ENGINE_cleanup();
|
||||
CONF_modules_free();
|
||||
CONF_modules_unload(1);
|
||||
sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
|
||||
if (mariadb_deinitialize_ssl)
|
||||
{
|
||||
ERR_remove_state(0);
|
||||
EVP_cleanup();
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
ERR_free_strings();
|
||||
CONF_modules_free();
|
||||
CONF_modules_unload(1);
|
||||
sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
|
||||
}
|
||||
ma_ssl_initialized= FALSE;
|
||||
}
|
||||
pthread_mutex_unlock(&LOCK_openssl_config);
|
||||
@@ -293,7 +296,12 @@ static int ma_ssl_set_certs(MYSQL *mysql)
|
||||
if (keyfile && keyfile[0])
|
||||
{
|
||||
if (SSL_CTX_use_PrivateKey_file(SSL_context, keyfile, SSL_FILETYPE_PEM) != 1)
|
||||
goto error;
|
||||
{
|
||||
unsigned long err= ERR_peek_error();
|
||||
if (!(ERR_GET_LIB(err) == ERR_LIB_X509 &&
|
||||
ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE))
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
if (OPT_HAS_EXT_VAL(mysql, ssl_pw))
|
||||
{
|
||||
|
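Review bot: In ma_ssl_set_certs the new check after a failed `SSL_CTX_use_PrivateKey_file` reads `ERR_peek_error()`, which returns the oldest entry in the thread's error queue, so a stale X509_R_CERT_ALREADY_IN_HASH_TABLE left by an earlier call could make a genuine key-load failure pass as success. The tolerated error is also left in the queue, where a later SSL_get_error on the same thread can pick it up. I would call `ERR_clear_error();` before the load, test `ERR_peek_last_error()` instead, and clear the queue again when the error is tolerated. A comment explaining why this reason code is expected from a private-key load would help the next reader; presumably it comes from reloading into the shared `SSL_context`. The function starts and ends outside the hunk.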
@@ -310,7 +310,6 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl)
|
||||
return 0;
|
||||
|
||||
end:
|
||||
/* todo: cleanup */
|
||||
if (pRemoteCertContext)
|
||||
CertFreeCertificateContext(pRemoteCertContext);
|
||||
if (rc && sctx->IoBufferSize)
|
||||
@@ -322,6 +321,9 @@ end:
|
||||
CertFreeCertificateContext(sctx->client_cert_ctx);
|
||||
if (sctx->client_crl_ctx)
|
||||
CertFreeCRLContext(sctx->client_crl_ctx);
|
||||
sctx->client_ca_ctx= 0;
|
||||
sctx->client_cert_ctx= 0;
|
||||
sctx->client_crl_ctx= 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
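Review bot: The three certificate context pointers are now zeroed after being freed in the `end:` path, but the buffer handled under `if (rc && sctx->IoBufferSize)` sits between the two hunks and is not shown; if it is freed there, its pointer and `IoBufferSize` want the same reset. This matters more with this commit because ma_pvio_ssl_connect now calls ma_ssl_close right after a failed connect, so anything left dangling here is visited a second time. ma_ssl_connect starts outside the hunk.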
@@ -20,7 +20,7 @@ IF(REPLICATION_PLUGIN_TYPE MATCHES "DYNAMIC")
|
||||
SET(INSTALL_LIBS replication)
|
||||
ENDIF()
|
||||
|
||||
IF(REPLICATION_PLUGIN_TYPE MATCHES "DYNAMIC")
|
||||
IF(AURORA_PLUGIN_TYPE MATCHES "DYNAMIC")
|
||||
IF(WIN32)
|
||||
SET_VERSION_INFO("TARGET:aurora"
|
||||
"FILE_TYPE:VFT_DLL"
|
||||
|
@@ -53,18 +53,7 @@ static int check_cipher(MYSQL *mysql)
|
||||
return 1;
|
||||
diag("cipher: %s", cipher);
|
||||
|
||||
#ifdef HAVE_GNUTLS
|
||||
{
|
||||
return strcmp(cipher, "AES-256-CBC");
|
||||
}
|
||||
#elif HAVE_OPENSSL
|
||||
if (!strcmp(cipher, "DHE-RSA-AES256-SHA") ||
|
||||
!strcmp(cipher, "DHE-RSA-AES256-GCM-SHA384"))
|
||||
return 0;
|
||||
#elif HAVE_SCHANNEL
|
||||
return strcmp(cipher, "CALG_AES_256");
|
||||
#endif
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int create_ssl_user(const char *ssluser, my_bool is_X509)
|
||||
@@ -90,6 +79,8 @@ static int create_ssl_user(const char *ssluser, my_bool is_X509)
|
||||
rc= mysql_query(mysql, "FLUSH PRIVILEGES");
|
||||
check_mysql_rc(rc,mysql);
|
||||
|
||||
mysql_close(mysql);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -775,7 +766,7 @@ static int test_ssl_fp_list(MYSQL *unused)
|
||||
static int test_ssl_version(MYSQL *mysql)
|
||||
{
|
||||
unsigned int iversion;
|
||||
char *version;
|
||||
const char *version, *library;
|
||||
MYSQL *my;
|
||||
|
||||
if (check_skip_ssl())
|
||||
@@ -794,6 +785,10 @@ static int test_ssl_version(MYSQL *mysql)
|
||||
mariadb_get_infov(my, MARIADB_CONNECTION_SSL_VERSION, &version);
|
||||
diag("protocol: %s", version);
|
||||
|
||||
mariadb_get_infov(my, MARIADB_CONNECTION_SSL_LIBRARY, &library);
|
||||
diag("library: %s", library);
|
||||
|
||||
|
||||
mysql_close(my);
|
||||
|
||||
return OK;
|
||||
|
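Review bot: check_cipher no longer compares the negotiated cipher with anything. Going by the hunk counts, the per-backend `strcmp` block is removed and the function now ends in `return 0;`, so any cipher name that gets past the earlier `return 1;` is accepted. The tests that rely on it would therefore no longer notice a connection that negotiated an unexpected or weak suite. If exact names are too backend-specific to pin, I would keep a short per-backend allow-list, or add a comment above the function stating that it only confirms a cipher was negotiated, e.g. `/* only checks that TLS is active; does not validate the suite */`.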