Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 96fd1633e16e86dd3bd6a87783e417d168218a6f^! / .
commit96fd1633e16e86dd3bd6a87783e417d168218a6f[log] [tgz]
authorFrédéric Lécaille <flecaille@haproxy.com>Fri Apr 01 11:21:47 2022 +0200
committerAmaury Denoyelle <adenoyelle@haproxy.com>Fri Apr 01 16:26:06 2022 +0200
treea34d1e79ffb779aefa53e4c551efc2525f6dcf4e
parent000162e1d69ad07144c495bc6a2f0a12503bd763 [diff]
BUG/MINOR: quic: QUIC TLS secrets memory leak

We deallocate these secrets from quic_conn_release().

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 37d6d15..22a652a 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c

@@ -830,6 +830,7 @@
 		struct quic_tls_kp *nxt_rx = &qc->ku.nxt_rx;
 		struct quic_tls_kp *nxt_tx = &qc->ku.nxt_tx;
 
+		/* These secrets must be stored only for Application encryption level */
 		if (!(rx->secret = pool_alloc(pool_head_quic_tls_secret)) ||
 		    !(tx->secret = pool_alloc(pool_head_quic_tls_secret))) {
 			TRACE_DEVEL("Could not allocate secrete keys", QUIC_EV_CONN_RWSEC, qc);
@@ -3755,6 +3756,7 @@
 	int i;
 	struct ssl_sock_ctx *conn_ctx;
 	struct eb64_node *node;
+	struct quic_tls_ctx *app_tls_ctx;
 
 	/* free remaining stream descriptors */
 	node = eb64_first(&qc->streams_by_id);
@@ -3790,8 +3792,15 @@
 		pool_free(pool_head_quic_conn_ctx, conn_ctx);
 	}
 
-	for (i = 0; i < QUIC_TLS_ENC_LEVEL_MAX; i++)
+	quic_tls_ku_free(qc);
+	for (i = 0; i < QUIC_TLS_ENC_LEVEL_MAX; i++) {
+		quic_tls_ctx_secs_free(&qc->els[i].tls_ctx);
 		quic_conn_enc_level_uninit(&qc->els[i]);
+	}
+
+	app_tls_ctx = &qc->els[QUIC_TLS_ENC_LEVEL_APP].tls_ctx;
+	pool_free(pool_head_quic_tls_secret, app_tls_ctx->rx.secret);
+	pool_free(pool_head_quic_tls_secret, app_tls_ctx->tx.secret);
 
 	pool_free(pool_head_quic_conn_rxbuf, qc->rx.buf.area);
 	pool_free(pool_head_quic_conn, qc);