Merge pull request #7687 from douzzer/20240626-EvictSessionFromCache-…

…ticketNonce-data-leak 20240626-EvictSessionFromCache-ticketNonce-data-leak
wolfSSL · Jun 27, 2024 · c047e55 · c047e55
2 parents 5420c1a + 4d43dbf
commit c047e55
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
@@ -215,6 +215,17 @@
 #ifdef HAVE_EX_DATA
         session->ownExData = save_ownExData;
 #endif
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) &&                  \
+    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        if ((session->ticketNonce.data != NULL) &&
+            (session->ticketNonce.data != session->ticketNonce.dataStatic))
+        {
+            XFREE(session->ticketNonce.data, NULL, DYNAMIC_TYPE_SESSION_TICK);
+            session->ticketNonce.data = NULL;
+        }
+#endif
     }
 
 WOLFSSL_ABI