commit 1677033bc817cf3c5d363235274754b815355bab
author Paul Bakker <p.j.bakker@polarssl.org> Fri Oct 11 09:59:44 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Fri Oct 11 09:59:44 2013 +0200
tree 72232bd3582efb9cedd99198d3e92717fe7377c6
parent d61cc3b24677acd182e4b87bc7e7f40a23480b64

TLS compression only allocates working buffer once

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 39291fa..edcc1c8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -706,6 +706,18 @@
     //
     if( session->compression == SSL_COMPRESS_DEFLATE )
     {
+        if( ssl->compress_buf == NULL )
+        {
+            SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) );
+            ssl->compress_buf = polarssl_malloc( SSL_BUFFER_LEN );
+            if( ssl->compress_buf == NULL )
+            {
+                SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
+                                    SSL_BUFFER_LEN ) );
+                return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+            }
+        }
+
         SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) );
 
         memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );
@@ -1662,20 +1674,13 @@
     int ret;
     unsigned char *msg_post = ssl->out_msg;
     size_t len_pre = ssl->out_msglen;
-    unsigned char *msg_pre;
+    unsigned char *msg_pre = ssl->compress_buf;
 
     SSL_DEBUG_MSG( 2, ( "=> compress buf" ) );
 
     if( len_pre == 0 )
         return( 0 );
 
-    msg_pre = (unsigned char*) polarssl_malloc( len_pre );
-    if( msg_pre == NULL )
-    {
-        SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len_pre ) );
-        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
-    }
-
     memcpy( msg_pre, ssl->out_msg, len_pre );
 
     SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
@@ -1698,8 +1703,6 @@
 
     ssl->out_msglen = SSL_BUFFER_LEN - ssl->transform_out->ctx_deflate.avail_out;
 
-    polarssl_free( msg_pre );
-
     SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
                    ssl->out_msglen ) );
 
@@ -1716,20 +1719,13 @@
     int ret;
     unsigned char *msg_post = ssl->in_msg;
     size_t len_pre = ssl->in_msglen;
-    unsigned char *msg_pre;
+    unsigned char *msg_pre = ssl->compress_buf;
 
     SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) );
 
     if( len_pre == 0 )
         return( 0 );
 
-    msg_pre = (unsigned char*) polarssl_malloc( len_pre );
-    if( msg_pre == NULL )
-    {
-        SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len_pre ) );
-        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
-    }
-
     memcpy( msg_pre, ssl->in_msg, len_pre );
 
     SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
@@ -1752,8 +1748,6 @@
 
     ssl->in_msglen = SSL_MAX_CONTENT_LEN - ssl->transform_in->ctx_inflate.avail_out;
 
-    polarssl_free( msg_pre );
-
     SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
                    ssl->in_msglen ) );
 
@@ -4228,6 +4222,14 @@
         polarssl_free( ssl->in_ctr );
     }
 
+#if defined(POLARSSL_ZLIB_SUPPORT)
+    if( ssl->compress_buf != NULL )
+    {
+        memset( ssl->compress_buf, 0, SSL_BUFFER_LEN );
+        polarssl_free( ssl->compress_buf );
+    }
+#endif
+
 #if defined(POLARSSL_DHM_C)
     mpi_free( &ssl->dhm_P );
     mpi_free( &ssl->dhm_G );