Certificate isn't be free in case parse failure. (#4412)
I met problem while I was working with the WiFiClientSecure. I tried to found the source of the problem, and I found it in the sll_client.cpp. Please check my contribution. I've open this problem in #4335 but received no response.
This commit is contained in:
Vo Linh Truc
GitHub
parent
675a40b257
commit
2685a5dd7b
@ -122,6 +122,8 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
|
|||||||
mbedtls_ssl_conf_ca_chain(&ssl_client->ssl_conf, &ssl_client->ca_cert, NULL);
|
mbedtls_ssl_conf_ca_chain(&ssl_client->ssl_conf, &ssl_client->ca_cert, NULL);
|
||||||
//mbedtls_ssl_conf_verify(&ssl_client->ssl_ctx, my_verify, NULL );
|
//mbedtls_ssl_conf_verify(&ssl_client->ssl_ctx, my_verify, NULL );
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
|
// free the ca_cert in the case parse failed, otherwise, the old ca_cert still in the heap memory, that lead to "out of memory" crash.
|
||||||
|
mbedtls_x509_crt_free(&ssl_client->ca_cert);
|
||||||
return handle_error(ret);
|
return handle_error(ret);
|
||||||
}
|
}
|
||||||
} else if (pskIdent != NULL && psKey != NULL) {
|
} else if (pskIdent != NULL && psKey != NULL) {
|
||||||
@ -167,6 +169,8 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
|
|||||||
|
|
||||||
ret = mbedtls_x509_crt_parse(&ssl_client->client_cert, (const unsigned char *)cli_cert, strlen(cli_cert) + 1);
|
ret = mbedtls_x509_crt_parse(&ssl_client->client_cert, (const unsigned char *)cli_cert, strlen(cli_cert) + 1);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
|
// free the client_cert in the case parse failed, otherwise, the old client_cert still in the heap memory, that lead to "out of memory" crash.
|
||||||
|
mbedtls_x509_crt_free(&ssl_client->client_cert);
|
||||||
return handle_error(ret);
|
return handle_error(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user