From 0b7788db4968ddec3a74ed1b4d9bb1375a4e231b Mon Sep 17 00:00:00 2001
From: Ruiyu Zhu
Date: Fri, 26 May 2023 10:43:15 -0700
Subject: [PATCH] Clear out the ctx variables ASAP in TLS code (#525)
Summary: Pull Request resolved: https://github.com/facebookresearch/fbpcf/pull/525 There are some resources in CTX variables that should be freed asap to avoid overflow, as fixed in this diff
Reviewed By: danbunnell, robotal
Differential Revision: D46215800
fbshipit-source-id: a62b6cf2196edfee10420f2050bf175199d9e2df
---
 .../engine/communication/SocketPartyCommunicationAgent.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fbpcf/engine/communication/SocketPartyCommunicationAgent.cpp b/fbpcf/engine/communication/SocketPartyCommunicationAgent.cpp
index d3d563e0..01ec87af 100644
--- a/fbpcf/engine/communication/SocketPartyCommunicationAgent.cpp
+++ b/fbpcf/engine/communication/SocketPartyCommunicationAgent.cpp
@@ -243,6 +243,7 @@ void SocketPartyCommunicationAgent::openServerPortWithTls(
 auto acceptedConnection = receiveFromClient(sockFd);
 const auto ssl = SSL_new(ctx);
+ SSL_CTX_free(ctx);
 SSL_set_fd(ssl, acceptedConnection);
 // Accept handshake from client
@@ -308,6 +309,7 @@ void SocketPartyCommunicationAgent::openServerPortWithTls(
 auto acceptedConnection = receiveFromClient(sockFd);
 const auto ssl = SSL_new(ctx);
+ SSL_CTX_free(ctx);
 SSL_set_fd(ssl, acceptedConnection);
 // Accept handshake from client
@@ -344,7 +346,7 @@ void SocketPartyCommunicationAgent::openClientPortWithTls(
 }
 SSL* ssl = SSL_new(ctx);
-
+ SSL_CTX_free(ctx);
 if (ssl == nullptr) {
 auto errorMsg = getErrorInfo();
 XLOGF(INFO, "error message: {}", errorMsg);
@@ -407,7 +409,7 @@ void SocketPartyCommunicationAgent::openClientPortWithTls(
 params, serverAddress.c_str(), serverAddress.size());
 SSL* ssl = SSL_new(ctx);
-
+ SSL_CTX_free(ctx);
 if (ssl == nullptr) {
 auto errorMsg = getErrorInfo();
 XLOGF(INFO, "error message: {}", errorMsg);
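Review bot: In the two openServerPortWithTls hunks (-243 and -308) the result of `SSL_new(ctx)` goes straight into `SSL_set_fd(ssl, acceptedConnection)` with no null check, while the client-side hunks test `ssl == nullptr` first. If allocation fails under memory pressure, the server path hands a null SSL object to OpenSSL immediately after the context has been released. I would add the same guard as the client path before `SSL_set_fd`, e.g. `if (ssl == nullptr) { XLOGF(INFO, "error message: {}", getErrorInfo()); /* fail as the client path does */ }`. The function body continues outside both hunks, so what the failure action should be has to follow the client code that is not fully visible here.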
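Review bot: Releasing the context right after `SSL_new(ctx)` in the openClientPortWithTls hunks (-344 and -407, and likewise the server hunks) is correct only because `SSL_new` takes its own reference on the SSL_CTX, and nothing in the code records that. A comment on the added line, such as `// SSL_new() holds its own reference; drop ours so the ctx dies with the SSL object`, would keep a later change from reading `ctx` after this point or from adding a second free. The closing `}` just above `SSL_new` in the -344 hunk looks like the end of an earlier error branch; if that branch throws or returns, the context is presumably still leaked there. Holding it in a `std::unique_ptr<SSL_CTX, decltype(&SSL_CTX_free)>` from creation would cover every exit path. The rest of each function lies outside the hunks, so whether `ctx` is touched again later cannot be confirmed from this diff.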