src/ssl.c, src/internal.c: fix leak in wolfSSL_get_ciphers_compat(): fix gating (OPENSSL_EXTRA, not OPENSSL_ALL) in FreeSuites() re .suitesStack and .clSuitesStack, and similarly fix gating on the implementation of wolfSSL_sk_SSL_CIPHER_free(() and related.

douzzer · douzzer · commit f7b911f5cd16 · 2025-02-28T15:23:43.000-06:00
src/ssl_sess: suppress false positive clang-analyzer-unix.Malloc "Argument to 'free()' is the address of a global variable".
diff --git a/src/internal.c b/src/internal.c
@@ -8379,7 +8379,7 @@ void FreeKeyExchange(WOLFSSL* ssl)
 /* Free up all memory used by Suites structure from WOLFSSL */
 void FreeSuites(WOLFSSL* ssl)
 {
-#ifdef OPENSSL_ALL
+#ifdef OPENSSL_EXTRA
     if (ssl->suitesStack != NULL) {
         /* Enough to free stack structure since WOLFSSL_CIPHER
          * isn't allocated separately. */
@@ -8392,8 +8392,6 @@ void FreeSuites(WOLFSSL* ssl)
         wolfSSL_sk_SSL_CIPHER_free(ssl->clSuitesStack);
         ssl->clSuitesStack = NULL;
     }
-#endif
-#ifdef OPENSSL_EXTRA
     XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES);
     ssl->clSuites = NULL;
 #endif
@@ -25350,6 +25348,8 @@ int SendAsyncData(WOLFSSL* ssl)
  */
 static int ssl_in_handshake(WOLFSSL *ssl, int send)
 {
+int SendAsyncData = 1;
+(void)SendAsyncData;
     if (IsSCR(ssl)) {
         if (send) {
             /* allow sending data in SCR */
diff --git a/src/ssl.c b/src/ssl.c
@@ -21264,10 +21264,7 @@ void wolfSSL_print_all_errors_fp(XFILE fp)
 
 /* Note: This is a huge section of API's - through
  *       wolfSSL_X509_OBJECT_get0_X509_CRL */
-#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
-    (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
-    defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
-    defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
 
 #if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_DEBUG_MEMORY) && \
     !defined(WOLFSSL_STATIC_MEMORY)
@@ -21676,9 +21673,7 @@ void wolfSSL_THREADID_set_numeric(void* id, unsigned long val)
 }
 #endif
 
-#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX ||
-        * HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH ||
-        * HAVE_SBLIM_SFCB)) */
+#endif /* OPENSSL_ALL || OPENSSL_EXTRA */
 
 #ifdef HAVE_SNI
 
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
@@ -4097,7 +4097,7 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
     ForceZero(session->sessionID, ID_LEN);
 
     if (session->type == WOLFSSL_SESSION_TYPE_HEAP) {
-        XFREE(session, session->heap, DYNAMIC_TYPE_SESSION);
+        XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); /* // NOLINT(clang-analyzer-unix.Malloc) */
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -4097,7 +4097,7 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)`
`4097`	`4097`	`ForceZero(session->sessionID, ID_LEN);`
`4098`	`4098`
`4099`	`4099`	`if (session->type == WOLFSSL_SESSION_TYPE_HEAP) {`
`4100`		`- XFREE(session, session->heap, DYNAMIC_TYPE_SESSION);`
	`4100`	`+ XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); /* // NOLINT(clang-analyzer-unix.Malloc) */`
`4101`	`4101`	`}`
`4102`	`4102`	`}`
`4103`	`4103`