From 39b6c55fb114e5164c8989c8c6398b293b1beda3 Mon Sep 17 00:00:00 2001 From: Vo Linh Truc Date: Tue, 13 Oct 2020 16:13:37 +0700 Subject: [PATCH] Certificate isn't be free in case parse failure. I met problem while I was working with the WiFiClientSecure. I tried to found the source of the problem, and I found it in the sll_client.cpp. Please check my contribution. I've open this problem in #4335 but received no response. --- libraries/WiFiClientSecure/src/ssl_client.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libraries/WiFiClientSecure/src/ssl_client.cpp b/libraries/WiFiClientSecure/src/ssl_client.cpp index 3fa6138f558..a1f7dca12fb 100644 --- a/libraries/WiFiClientSecure/src/ssl_client.cpp +++ b/libraries/WiFiClientSecure/src/ssl_client.cpp @@ -122,6 +122,8 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p mbedtls_ssl_conf_ca_chain(&ssl_client->ssl_conf, &ssl_client->ca_cert, NULL); //mbedtls_ssl_conf_verify(&ssl_client->ssl_ctx, my_verify, NULL ); if (ret < 0) { + // free the ca_cert in the case parse failed, otherwise, the old ca_cert still in the heap memory, that lead to "out of memory" crash. + mbedtls_x509_crt_free(&ssl_client->ca_cert); return handle_error(ret); } } else if (pskIdent != NULL && psKey != NULL) { @@ -167,6 +169,8 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p ret = mbedtls_x509_crt_parse(&ssl_client->client_cert, (const unsigned char *)cli_cert, strlen(cli_cert) + 1); if (ret < 0) { + // free the client_cert in the case parse failed, otherwise, the old client_cert still in the heap memory, that lead to "out of memory" crash. + mbedtls_x509_crt_free(&ssl_client->client_cert); return handle_error(ret); }