| author | liuxueli <[email protected]> | 2023-09-19 18:32:58 +0800 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2023-09-19 18:32:58 +0800 |
| commit | 387130984a39e6546b2c6a83c26e9871a1850bea (patch) | |
| tree | bf42571f5effb35254c35c07c44851fedf3de66e /src | |
| parent | 291987473c2c5fb50bef5dcb1dc4485c58fa0e3b (diff) | |
TSG-17149: SSL解析层处理异常数据包时存在内存泄漏v3.0.3
Diffstat (limited to 'src')
| -rw-r--r-- | src/SSL_Analyze.c | 12 | ||||
| -rw-r--r-- | src/SSL_Analyze.h | 11 | ||||
| -rw-r--r-- | src/SSL_Proc.c | 1 |
3 files changed, 15 insertions, 9 deletions
diff --git a/src/SSL_Analyze.c b/src/SSL_Analyze.c index 2809c00..7c6d89a 100644 --- a/src/SSL_Analyze.c +++ b/src/SSL_Analyze.c @@ -168,15 +168,13 @@ extern "C" char SSL_ENTRY(const struct streaminfo *a_tcp, void**pme, int thread_ ssl_add_proto_tag( a_tcp, "SSL", strlen("SSL")); } - ssl_context->over_flag=SSL_TRUE; - return_val=ssl_parse_stream(a_tcp, ssl_context ,thread_seq, a_packet); - ssl_call_plugins(a_tcp, ssl_context, NULL, 0, SSL_INTEREST_KEY_MASK, thread_seq, a_packet); + return_val=ssl_parse_stream(a_tcp, ssl_context ,thread_seq, a_packet); break; default: break; } - if(SSL_FLASE==return_val || ssl_context->business.return_value&PROT_STATE_DROPME) + if(SSL_FLASE==return_val) { state=APP_STATE_DROPME; } @@ -188,6 +186,12 @@ extern "C" char SSL_ENTRY(const struct streaminfo *a_tcp, void**pme, int thread_ if(state&APP_STATE_DROPME || a_tcp->opstate==OP_STATE_CLOSE) { + if(ssl_context->is_call_business==1) + { + ssl_context->over_flag=1; + ssl_call_plugins(a_tcp, ssl_context, NULL, 0, SSL_INTEREST_KEY_MASK, thread_seq, a_packet); + } + ssl_release_context(ssl_context, thread_seq); *pme=NULL; } diff --git a/src/SSL_Analyze.h b/src/SSL_Analyze.h index e5fe861..b8dabac 100644 --- a/src/SSL_Analyze.h +++ b/src/SSL_Analyze.h @@ -68,12 +68,13 @@ struct ssl_record_trunk struct ssl_runtime_context { - unsigned char link_state; - unsigned char over_flag; - unsigned char is_ssl_stream; - unsigned short version; //SSL versions, definition like TLSV1_2_VERSION in ssl.h - + unsigned char link_state; + unsigned char over_flag; + unsigned char is_ssl_stream; unsigned char first_pkt_flag; + unsigned char is_call_business; + unsigned char padding; + unsigned short version; //SSL versions, definition like TLSV1_2_VERSION in ssl.h struct ssl_stream stream; struct ssl_record_trunk record; struct ssl_business_info business; diff --git a/src/SSL_Proc.c b/src/SSL_Proc.c index 1c7a621..4389c24 100644 --- a/src/SSL_Proc.c +++ b/src/SSL_Proc.c 
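Review bot: Removing `|| ssl_context->business.return_value&PROT_STATE_DROPME` from the test before `state=APP_STATE_DROPME` means a plugin's drop request no longer ends the stream in the lines visible here. Unless ssl_parse_stream already maps that return value to SSL_FLASE (not shown), the context stays allocated and keeps being parsed until the TCP close, which is extra per-flow state for a parser that handles untrusted traffic. If the drop request should still be honoured, keep the test and let the new close block deliver the final callback: `if(SSL_FLASE==return_val || (ssl_context->business.return_value&PROT_STATE_DROPME))`. SSL_ENTRY begins and ends outside this hunk.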
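Review bot: The new guard `if(ssl_context->is_call_business==1)` reads a field that nothing in this commit initialises; the only write is the `=1` added in ssl_call_plugins. If the context is not allocated zeroed (the allocation is not shown), the flag is indeterminate on streams that never reached a plugin, and the closing callback could then run for a plugin that was never opened, or be skipped for one that was. Confirm the allocator clears the struct, or add `ssl_context->is_call_business=0;` where the context is created. As a smaller point, `ssl_context->over_flag=SSL_TRUE;` would match the line this commit removed, rather than the literal `1`.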
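Review bot: `is_call_business` and `padding` are added to struct ssl_runtime_context without a comment, although `version` beside them has one and the new flag now decides whether the closing callback runs. I would add `// set to 1 by ssl_call_plugins once PROT_PROCESS has run; gates the closing callback in SSL_ENTRY` on `is_call_business` and `// explicit pad so version stays 2-byte aligned` on `padding`. The reorder also appears to move `version` and `first_pkt_flag` to different offsets, so any module built against the old header needs a rebuild. The struct continues past the end of this hunk.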
@@ -280,6 +280,7 @@ void ssl_call_plugins(const struct streaminfo *a_tcp, struct ssl_runtime_context
 session_info.buf=buff;
 session_info.buflen=buff_len;
 ssl_context->business.return_value=PROT_PROCESS(&session_info, &(ssl_context->business.param), thread_seq, (struct streaminfo *)a_tcp, a_packet);
+ ssl_context->is_call_business=1;
 }
 }
 } |
