}
/*
- * This function sends a CLOSE command to the capture server.
+ * This function sends a CLOSE command to the capture server if we're in
+ * passive mode and an ENDCAP command to the capture server if we're in
+ * active mode.
*
* It is called when the user calls pcap_close(). It sends a command
* to our peer that says 'ok, let's stop capturing'.
#ifdef HAVE_OPENSSL
if (pr->data_ssl)
{
- SSL_free(pr->data_ssl); // Has to be done before the socket is closed
+ // Finish using the SSL handle for the data socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(pr->data_ssl);
pr->data_ssl = NULL;
}
#endif
#ifdef HAVE_OPENSSL
if (pr->ctrl_ssl)
{
- SSL_free(pr->ctrl_ssl);
+ // Finish using the SSL handle for the control socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(pr->ctrl_ssl);
pr->ctrl_ssl = NULL;
}
#endif
#ifdef HAVE_OPENSSL
if (pr->data_ssl)
{
- SSL_free(pr->data_ssl); // Have to be done before the socket is closed
+ // Finish using the SSL handle for the data socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(pr->data_ssl);
pr->data_ssl = NULL;
}
#endif
#ifdef HAVE_OPENSSL
if (pr->ctrl_ssl)
{
- SSL_free(pr->ctrl_ssl);
+ // Finish using the SSL handle for the control socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(pr->ctrl_ssl);
pr->ctrl_ssl = NULL;
}
#endif
if (!active)
{
#ifdef HAVE_OPENSSL
- if (ssl) SSL_free(ssl); // Have to be done before the socket is closed
+ if (ssl)
+ {
+ // Finish using the SSL handle for the socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(ssl);
+ }
#endif
sock_close(sockctrl, NULL, 0);
}
if (rpcap_doauth(sockctrl, ssl, &protocol_version, auth, errbuf) == -1)
{
#ifdef HAVE_OPENSSL
- if (ssl) SSL_free(ssl); // Must be done before the socket is closed
+ if (ssl)
+ {
+ // Finish using the SSL handle for the socket.
+ // This must be done *before* the socket is
+ // closed.
+ ssl_finish(ssl);
+ }
#endif
sock_close(sockctrl, NULL, 0);
return -1;
{
/* DO not send RPCAP_CLOSE, since we did not open a pcap_t; no need to free resources */
#ifdef HAVE_OPENSSL
- if (ssl) SSL_free(ssl); // Has to be done before the socket is closed
+ if (ssl)
+ {
+ // Finish using the SSL handle for the socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(ssl);
+ }
#endif
if (sock_close(sockctrl, errbuf, PCAP_ERRBUF_SIZE))
return -1;
if (!active)
{
#ifdef HAVE_OPENSSL
- if (ssl) SSL_free(ssl); // Has to be done before the socket is closed
+ if (ssl)
+ {
+ // Finish using the SSL handle for the socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(ssl);
+ }
#endif
sock_close(sockctrl, NULL, 0);
}
sock_geterror("getnameinfo(): ", errbuf, PCAP_ERRBUF_SIZE);
rpcap_senderror(sockctrl, ssl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
#ifdef HAVE_OPENSSL
- if (ssl) SSL_free(ssl);
+ if (ssl)
+ {
+ // Finish using the SSL handle for the socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(ssl);
+ }
#endif
sock_close(sockctrl, NULL, 0);
return (SOCKET)-1;
{
rpcap_senderror(sockctrl, ssl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
#ifdef HAVE_OPENSSL
- if (ssl) SSL_free(ssl);
+ if (ssl)
+ {
+ // Finish using the SSL handle for the socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(ssl);
+ }
#endif
sock_close(sockctrl, NULL, 0);
return (SOCKET)-1;
/* Unrecoverable error. */
rpcap_senderror(sockctrl, ssl, 0, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
#ifdef HAVE_OPENSSL
- if (ssl) SSL_free(ssl);
+ if (ssl)
+ {
+ // Finish using the SSL handle for the socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(ssl);
+ }
#endif
sock_close(sockctrl, NULL, 0);
return (SOCKET)-3;
errno, "malloc() failed");
rpcap_senderror(sockctrl, ssl, protocol_version, PCAP_ERR_REMOTEACCEPT, errbuf, NULL);
#ifdef HAVE_OPENSSL
- if (ssl) SSL_free(ssl);
+ if (ssl)
+ {
+ // Finish using the SSL handle for the socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(ssl);
+ }
#endif
sock_close(sockctrl, NULL, 0);
return (SOCKET)-1;
* report.
*/
#ifdef HAVE_OPENSSL
- if (temp->ssl) SSL_free(temp->ssl);
+ if (temp->ssl)
+ {
+ // Finish using the SSL handle
+ // for the socket.
+ // This must be done *before*
+ // the socket is closed.
+ ssl_finish(temp->ssl);
+ }
#endif
(void)sock_close(temp->sockctrl, NULL,
0);
else
{
#ifdef HAVE_OPENSSL
- if (temp->ssl) SSL_free(temp->ssl);
+ if (temp->ssl)
+ {
+ // Finish using the SSL handle
+ // for the socket.
+ // This must be done *before*
+ // the socket is closed.
+ ssl_finish(temp->ssl);
+ }
#endif
if (sock_close(temp->sockctrl, errbuf,
PCAP_ERRBUF_SIZE) == -1)
void pcap_remoteact_cleanup(void)
{
+# ifdef HAVE_OPENSSL
+ if (ssl_main)
+ {
+ // Finish using the SSL handle for the main active socket.
+ // This must be done *before* the socket is closed.
+ ssl_finish(ssl_main);
+ ssl_main = NULL;
+ }
+# endif
+
/* Very dirty, but it works */
if (sockmain)
{
/* To avoid inconsistencies in the number of sock_init() */
sock_cleanup();
}
-
-# ifdef HAVE_OPENSSL
- if (ssl_main)
- {
- SSL_free(ssl_main);
- ssl_main = NULL;
- }
-# endif
}
int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf)
projects / libpcap / commitdiff
