Merge pull request #863 from davidhorstmann-arm/2.x-fix-session-copy-bug

Backport 2.x: [session] fix a session copy bug
2025-07-30 22:43:08 +03:00 · 2021-12-09 09:21:33 +01:00
parent 9a4a9c66a4 0add7f96ac
commit 9ac32eb123
2 changed files with 10 additions and 0 deletions
--- a/ChangeLog.d/fix-session-copy-bug.txt
+++ b/ChangeLog.d/fix-session-copy-bug.txt
@ -0,0 +1,6 @@
+Bugfix
+   * Fix a double-free that happened after mbedtls_ssl_set_session() or
+     mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
+     (out of memory). After that, calling mbedtls_ssl_session_free()
+     and mbedtls_ssl_free() would cause an internal session buffer to
+     be free()'d twice.
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -188,6 +188,10 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
    mbedtls_ssl_session_free( dst );
    memcpy( dst, src, sizeof( mbedtls_ssl_session ) );

+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+    dst->ticket = NULL;
+#endif
+
 #if defined(MBEDTLS_X509_CRT_PARSE_C)

 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)