Merge pull request #7687 from douzzer/20240626-EvictSessionFromCache-ticketNonce-data-leak

JacobBarthelmeh · web-flow · commit c047e55b921e · 2024-06-27T09:41:42.000-06:00
20240626-EvictSessionFromCache-ticketNonce-data-leak
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
@@ -215,6 +215,17 @@
 #ifdef HAVE_EX_DATA
         session->ownExData = save_ownExData;
 #endif
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) &&                  \
+    defined(WOLFSSL_TICKET_NONCE_MALLOC) &&                                    \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+        if ((session->ticketNonce.data != NULL) &&
+            (session->ticketNonce.data != session->ticketNonce.dataStatic))
+        {
+            XFREE(session->ticketNonce.data, NULL, DYNAMIC_TYPE_SESSION_TICK);
+            session->ticketNonce.data = NULL;
+        }
+#endif
     }
 
 WOLFSSL_ABI
