mirror of
https://gitea.invidious.io/iv-org/litespeed-quic.git
synced 2024-08-15 00:53:43 +00:00
fix memory leak when gquic50 decrypt packet
fix a suspicious memory leak in gquic and iquic
This commit is contained in:
linsc
parent
3bbf683f25
commit
a43cc05651
2 changed files with 14 additions and 7 deletions
|
|
@ -2240,7 +2240,6 @@ iquic_esf_decrypt_packet (enc_session_t *enc_session_p,
|
||||||
enum enc_level enc_level;
|
enum enc_level enc_level;
|
||||||
enum packnum_space pns;
|
enum packnum_space pns;
|
||||||
lsquic_packno_t packno;
|
lsquic_packno_t packno;
|
||||||
size_t out_sz;
|
|
||||||
enum dec_packin dec_packin;
|
enum dec_packin dec_packin;
|
||||||
int s;
|
int s;
|
||||||
/* 16Bytes: AEAD authentication tag
|
/* 16Bytes: AEAD authentication tag
|
||||||
|
|
@ -2252,12 +2251,17 @@ iquic_esf_decrypt_packet (enc_session_t *enc_session_p,
|
||||||
* These cipher suites have a 16-byte authentication tag and
|
* These cipher suites have a 16-byte authentication tag and
|
||||||
* produce an output 16 bytes larger than their input.
|
* produce an output 16 bytes larger than their input.
|
||||||
*/
|
*/
|
||||||
const size_t dst_sz = packet_in->pi_data_sz - 16;
|
size_t out_sz, dst_sz;
|
||||||
unsigned char new_secret[EVP_MAX_KEY_LENGTH];
|
unsigned char new_secret[EVP_MAX_KEY_LENGTH];
|
||||||
struct crypto_ctx crypto_ctx_buf;
|
struct crypto_ctx crypto_ctx_buf;
|
||||||
char secret_str[EVP_MAX_KEY_LENGTH * 2 + 1];
|
char secret_str[EVP_MAX_KEY_LENGTH * 2 + 1];
|
||||||
char errbuf[ERR_ERROR_STRING_BUF_LEN];
|
char errbuf[ERR_ERROR_STRING_BUF_LEN];
|
||||||
|
|
||||||
|
if (packet_in->pi_data_sz <= 16) {
|
||||||
|
dec_packin = DECPI_TOO_SHORT;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
dst_sz = packet_in->pi_data_sz - 16;
|
||||||
dst = lsquic_mm_get_packet_in_buf(&enpub->enp_mm, dst_sz);
|
dst = lsquic_mm_get_packet_in_buf(&enpub->enp_mm, dst_sz);
|
||||||
if (!dst)
|
if (!dst)
|
||||||
{
|
{
|
||||||
|
|
@ -2450,10 +2454,10 @@ iquic_esf_decrypt_packet (enc_session_t *enc_session_p,
|
||||||
enc_sess->esi_key_phase = key_phase;
|
enc_sess->esi_key_phase = key_phase;
|
||||||
}
|
}
|
||||||
|
|
||||||
packet_in->pi_data_sz = packet_in->pi_header_sz + out_sz;
|
|
||||||
if (packet_in->pi_flags & PI_OWN_DATA)
|
if (packet_in->pi_flags & PI_OWN_DATA)
|
||||||
lsquic_mm_put_packet_in_buf(&enpub->enp_mm, packet_in->pi_data,
|
lsquic_mm_put_packet_in_buf(&enpub->enp_mm, packet_in->pi_data,
|
||||||
packet_in->pi_data_sz);
|
packet_in->pi_data_sz);
|
||||||
|
packet_in->pi_data_sz = packet_in->pi_header_sz + out_sz;
|
||||||
packet_in->pi_data = dst;
|
packet_in->pi_data = dst;
|
||||||
packet_in->pi_flags |= PI_OWN_DATA | PI_DECRYPTED
|
packet_in->pi_flags |= PI_OWN_DATA | PI_DECRYPTED
|
||||||
| (enc_level << PIBIT_ENC_LEV_SHIFT);
|
| (enc_level << PIBIT_ENC_LEV_SHIFT);
|
||||||
|
|
|
||||||
|
|
@ -4177,11 +4177,15 @@ gquic2_esf_decrypt_packet (enc_session_t *enc_session_p,
|
||||||
unsigned sample_off, packno_len, divers_nonce_len;
|
unsigned sample_off, packno_len, divers_nonce_len;
|
||||||
enum gel gel;
|
enum gel gel;
|
||||||
lsquic_packno_t packno;
|
lsquic_packno_t packno;
|
||||||
size_t out_sz;
|
size_t out_sz, dst_sz;
|
||||||
enum dec_packin dec_packin;
|
enum dec_packin dec_packin;
|
||||||
const size_t dst_sz = packet_in->pi_data_sz;
|
|
||||||
char errbuf[ERR_ERROR_STRING_BUF_LEN];
|
char errbuf[ERR_ERROR_STRING_BUF_LEN];
|
||||||
|
|
||||||
|
dst_sz = packet_in->pi_data_sz - 16;
|
||||||
|
if (dst_sz <= 16) {
|
||||||
|
dec_packin = DECPI_TOO_SHORT;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
dst = lsquic_mm_get_packet_in_buf(&enpub->enp_mm, dst_sz);
|
dst = lsquic_mm_get_packet_in_buf(&enpub->enp_mm, dst_sz);
|
||||||
if (!dst)
|
if (!dst)
|
||||||
{
|
{
|
||||||
|
|
@ -4270,11 +4274,10 @@ gquic2_esf_decrypt_packet (enc_session_t *enc_session_p,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Bits 2 and 3 are not set and don't need to be checked in gQUIC */
|
/* Bits 2 and 3 are not set and don't need to be checked in gQUIC */
|
||||||
|
|
||||||
packet_in->pi_data_sz = packet_in->pi_header_sz + out_sz;
|
|
||||||
if (packet_in->pi_flags & PI_OWN_DATA)
|
if (packet_in->pi_flags & PI_OWN_DATA)
|
||||||
lsquic_mm_put_packet_in_buf(&enpub->enp_mm, packet_in->pi_data,
|
lsquic_mm_put_packet_in_buf(&enpub->enp_mm, packet_in->pi_data,
|
||||||
packet_in->pi_data_sz);
|
packet_in->pi_data_sz);
|
||||||
|
packet_in->pi_data_sz = packet_in->pi_header_sz + out_sz;
|
||||||
packet_in->pi_data = dst;
|
packet_in->pi_data = dst;
|
||||||
packet_in->pi_flags |= PI_OWN_DATA | PI_DECRYPTED
|
packet_in->pi_flags |= PI_OWN_DATA | PI_DECRYPTED
|
||||||
| (gel2el[gel] << PIBIT_ENC_LEV_SHIFT);
|
| (gel2el[gel] << PIBIT_ENC_LEV_SHIFT);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue