From 2685a5dd7bba4a5f63ff5d8bd839ef41e5b630c2 Mon Sep 17 00:00:00 2001
From: Vo Linh Truc
Date: Wed, 14 Oct 2020 18:25:26 +0700
Subject: [PATCH] Certificate isn't be free in case parse failure. (#4412)

I met problem while I was working with the WiFiClientSecure. I tried to found the source of the problem, and I found it in the sll_client.cpp. Please check my contribution. I've open this problem in #4335 but received no response.
---
 libraries/WiFiClientSecure/src/ssl_client.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libraries/WiFiClientSecure/src/ssl_client.cpp b/libraries/WiFiClientSecure/src/ssl_client.cpp
index 3fa6138f..a1f7dca1 100644
--- a/libraries/WiFiClientSecure/src/ssl_client.cpp
+++ b/libraries/WiFiClientSecure/src/ssl_client.cpp
@@ -122,6 +122,8 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
 mbedtls_ssl_conf_ca_chain(&ssl_client->ssl_conf, &ssl_client->ca_cert, NULL);
 //mbedtls_ssl_conf_verify(&ssl_client->ssl_ctx, my_verify, NULL );
 if (ret < 0) {
+ // free the ca_cert in the case parse failed, otherwise, the old ca_cert still in the heap memory, that lead to "out of memory" crash.
+ mbedtls_x509_crt_free(&ssl_client->ca_cert);
 return handle_error(ret);
 }
 } else if (pskIdent != NULL && psKey != NULL) {
@@ -167,6 +169,8 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
 ret = mbedtls_x509_crt_parse(&ssl_client->client_cert, (const unsigned char *)cli_cert, strlen(cli_cert) + 1);
 if (ret < 0) {
+ // free the client_cert in the case parse failed, otherwise, the old client_cert still in the heap memory, that lead to "out of memory" crash.
+ mbedtls_x509_crt_free(&ssl_client->client_cert);
 return handle_error(ret);
 }
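Review bot: `mbedtls_ssl_conf_ca_chain(&ssl_client->ssl_conf, &ssl_client->ca_cert, NULL);` still runs before the `if (ret < 0)` check in the first hunk, so on the failure path `ssl_conf` has already been given a pointer to the `ca_cert` that the added line then frees. Checking `ret` first and calling `mbedtls_ssl_conf_ca_chain` only after a successful parse would keep the configuration from ever referencing a chain that was rejected. The call that sets `ret` is above the hunk and the function continues below it, so it is not visible here whether a later teardown frees `ca_cert` a second time. `mbedtls_x509_crt_free` resets the structure, so a repeat call should be harmless, but that is worth confirming against the caller.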
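Review bot: The cleanup in the second hunk is attached to this one `return`, so any later error return in `start_ssl_client` would still leave `client_cert` allocated unless it frees it as well; the function continues past the hunk, so those paths are not visible here. A single exit path that releases `ca_cert`, `client_cert` and whatever else was initialised would cover every failure at once. A documented guarantee that the caller always runs the teardown after a failed start would do the same, and would keep repeated failed connection attempts from draining the heap. The added comment could be shortened to `// Parse failed: release the partially built chain so repeated connection attempts do not exhaust the heap.`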