Clear out the ctx variables ASAP in TLS code (#525)
Summary:
Pull Request resolved: #525

There are some resources in CTX variables that should be freed ASAP to avoid overflow, as fixed in this diff.

Reviewed By: danbunnell, robotal

Differential Revision: D46215800

fbshipit-source-id: a62b6cf2196edfee10420f2050bf175199d9e2df
Ruiyu Zhu authored and facebook-github-bot committed May 26, 2023
1 parent 1a7e50e commit 0b7788d
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions fbpcf/engine/communication/SocketPartyCommunicationAgent.cpp
Expand Up @@ -243,6 +243,7 @@ void SocketPartyCommunicationAgent::openServerPortWithTls(
auto acceptedConnection = receiveFromClient(sockFd);

const auto ssl = SSL_new(ctx);
SSL_CTX_free(ctx);
SSL_set_fd(ssl, acceptedConnection);

// Accept handshake from client
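Review bot: the result of `SSL_new(ctx)` goes straight into `SSL_set_fd(ssl, acceptedConnection)` with no null check in between, while the client-side hunks in this same change test `ssl == nullptr` right after the free. Suggest adding the same check here before `SSL_set_fd`, so an allocation failure is reported instead of a null `SSL*` reaching the handshake code.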
Expand Down Expand Up @@ -308,6 +309,7 @@ void SocketPartyCommunicationAgent::openServerPortWithTls(
auto acceptedConnection = receiveFromClient(sockFd);

const auto ssl = SSL_new(ctx);
SSL_CTX_free(ctx);
SSL_set_fd(ssl, acceptedConnection);

// Accept handshake from client
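Review bot: this `SSL_new(ctx);` / `SSL_CTX_free(ctx);` pair is a copy of the one in the hunk at line 243, so the ownership rule is now hand-written in several places. Consider holding the context in a `std::unique_ptr` with `SSL_CTX_free` as its deleter, or moving the pair into a small shared helper, so the release happens on every exit path rather than only when execution reaches this line.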
Expand Down Expand Up @@ -344,7 +346,7 @@ void SocketPartyCommunicationAgent::openClientPortWithTls(
}

SSL* ssl = SSL_new(ctx);

SSL_CTX_free(ctx);
if (ssl == nullptr) {
auto errorMsg = getErrorInfo();
XLOGF(INFO, "error message: {}", errorMsg);
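Review bot: the new `SSL_CTX_free(ctx);` directly after `SSL_new(ctx)` needs a comment, because without one it reads like a use-after-free to anyone who does not know that `SSL_new` takes its own reference on the context. A one-line comment saying that this call only drops the caller's reference, and that the context stays alive until the `SSL` object is freed, would document the intent. Restoring the blank line before `if (ssl == nullptr)` would also keep the error check visually separate.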
Expand Down Expand Up @@ -407,7 +409,7 @@ void SocketPartyCommunicationAgent::openClientPortWithTls(
params, serverAddress.c_str(), serverAddress.size());

SSL* ssl = SSL_new(ctx);

SSL_CTX_free(ctx);
if (ssl == nullptr) {
auto errorMsg = getErrorInfo();
XLOGF(INFO, "error message: {}", errorMsg);
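Review bot: after `SSL_CTX_free(ctx);` the local `ctx` still holds the old pointer, and nothing in this hunk stops later code in `openClientPortWithTls` from passing it to another OpenSSL call. Suggest resetting `ctx` to `nullptr` right after the free, or narrowing the variable's scope so it ends here, so that a later use fails visibly instead of touching a context this function no longer owns.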