author | Peter Wu <peter@lekensteyn.nl> | 2015-10-03 19:23:55 +0200 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2015-10-07 04:04:59 +0000 |
commit | 40ff4ffee88977b2981e29cb4ad8658394c8442e (patch) | |
tree | 0760d3984f881ae17b20c74ec81de5d1de517770 /epan/dissectors/packet-dtls.c | |
parent | 9fea515efcd025140d018df6d1cf4e3d9ee4f4ac (diff) |
ssl-utils: simplify private key storage, fix resource leaks

The certificate and GnuTLS private key are never used except for
reporting in the log file. Remove the unused certificate-related code
from the PKCS#12 file parsing. Report an immediate error instead of
opening key file if GnuTLS is disabled.

Made ssl_load_key and ssl_load_pkcs12 static, they are not used outside
the SSL dissector. If for some reason the PKCS#12 bag contains multiple
private keys, then the previous one would be overwritten (leaking
memory). Fix this by returning the first private key found.

Simplify key_hash (dtls_key_hash/ssl_key_hash) memory management, now
the table automatically frees keys/values when items are removed.

Fix memory leaks:
- ssldecrypt_uat_fld_password_chk_cb: release ssl_load_pkcs12 memory.
- ssl_load_key: avoid leaking gnutls_x509_privkey_t on error.
- ssl_load_pkcs12: fix ssl_pkey leak on error path.

Change-Id: I5db6fecb0d74e5c78796392aeb17e3eb7985a2ef
Reviewed-on: https://code.wireshark.org/review/10764
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-dtls.c')
-rw-r--r-- | epan/dissectors/packet-dtls.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c index 557d418678..579bb678f0 100644 --- a/epan/dissectors/packet-dtls.c +++ b/epan/dissectors/packet-dtls.c @@ -215,7 +215,6 @@ dtls_parse_uat(void) if (dtls_key_hash) { - g_hash_table_foreach(dtls_key_hash, ssl_private_key_free, NULL); g_hash_table_destroy(dtls_key_hash); } @@ -228,7 +227,8 @@ dtls_parse_uat(void) wmem_destroy_stack(tmp_stack); /* parse private keys string, load available keys and put them in key hash*/ - dtls_key_hash = g_hash_table_new(ssl_private_key_hash, ssl_private_key_equal); + dtls_key_hash = g_hash_table_new_full(ssl_private_key_hash, + ssl_private_key_equal, g_free, ssl_private_key_free); ssl_set_debug(dtls_debug_file_name); |
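Review bot: in the first hunk (@@ -215,7 +215,6), dtls_key_hash keeps pointing at the destroyed table after `g_hash_table_destroy(dtls_key_hash);` until it is reassigned further down in dtls_parse_uat(). Now that the destroy call is the only place where the keys and values are released, a stale pointer here means freed private-key material stays reachable, so consider adding `dtls_key_hash = NULL;` inside the `if (dtls_key_hash)` block right after the destroy. That keeps any early return added later between the two points from leaving a dangling table behind.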
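Review bot: in the second hunk (@@ -228,7 +227,8), ssl_private_key_free is passed to g_hash_table_new_full() as the value destroy notifier, which GLib calls with a single gpointer, while the line removed in the first hunk passed the same function to g_hash_table_foreach(), which calls it with key, value and user data. The signature change this requires is not visible in a view limited to packet-dtls.c, so please confirm it lands in the same commit, otherwise the callback is invoked with the wrong argument list. Separately, with g_free as the key destroy notifier every key inserted into dtls_key_hash has to be its own g_malloc-family allocation owned only by the table, and g_hash_table_insert() on a key that is already present frees the newly passed key, so callers must not use the key pointer after inserting. A short comment at the g_hash_table_new_full() call stating that the table owns both keys and values would make that contract explicit.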