diff options
author | Jakub Zawadzki <darkjames-ws@darkjames.pl> | 2018-02-02 18:35:38 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2018-02-02 22:27:41 +0000 |
commit | e3a76761861cf3baad8e9c998345be59bc725a2b (patch) | |
tree | b23dcbad82e24b282c6b95ea8082edb0b3e4d398 /epan/dissectors/packet-ssl-utils.c | |
parent | f244742b46af8ec402761dee9240e25c2856cb77 (diff) |
quic: fix secret memleaks.
It looks like that quic_create_cleartext_decoders() need to free secrets, tls13_cipher_create() only use it as const.
ASAN report:
ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1742014 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1071:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4e26e8 in __interceptor_malloc /src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88
#1 0x225b038 in g_malloc
#2 0x1741fd5 in quic_derive_cleartext_secrets /src/wireshark/epan/dissectors/packet-quic.c:1065:10
#3 0x173e579 in quic_create_cleartext_decoders /src/wireshark/epan/dissectors/packet-quic.c:1091:10
#4 0x173dc89 in dissect_quic_long_header /src/wireshark/epan/dissectors/packet-quic.c:1221:14
#5 0x173ced6 in dissect_quic /src/wireshark/epan/dissectors/packet-quic.c:1402:18
(...)
Found by oss-fuzz/5902.
Change-Id: I6f8a4597411ee267773225e45043addb69928d66
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5902
Reviewed-on: https://code.wireshark.org/review/25571
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.c')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index fa3c8978a2..7c7bad5c25 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -3022,7 +3022,7 @@ tls13_cipher_destroy_cb(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _ } tls13_cipher * -tls13_cipher_create(guint8 tls13_draft_version, int cipher_algo, int cipher_mode, int hash_algo, StringInfo *secret, const gchar **error) +tls13_cipher_create(guint8 tls13_draft_version, int cipher_algo, int cipher_mode, int hash_algo, const StringInfo *secret, const gchar **error) { tls13_cipher *cipher = NULL; guchar *write_key = NULL, *write_iv = NULL; |