From c384d61e53a6122cd2be0c1e237c8e17472bcbaa Mon Sep 17 00:00:00 2001
From: "kapil.gupta"
Date: Sun, 19 Jul 2020 14:07:00 +0530
Subject: [PATCH] wpa_supplicant: Fix invalid pointer deference and memleak

Add following changes as part of this:
1. EAP client will crash during validation of key size when CA certs and keys not present. Add changes to validate it first.
2. Free memory allocated in TLS context
---
 components/wpa_supplicant/src/crypto/tls_mbedtls.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/wpa_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/src/crypto/tls_mbedtls.c
index c26ed7a615..409281ff92 100644
--- a/components/wpa_supplicant/src/crypto/tls_mbedtls.c
+++ b/components/wpa_supplicant/src/crypto/tls_mbedtls.c
@@ -384,7 +384,7 @@ static void tls_set_ciphersuite(tls_context_t *tls)
 if (tls->ciphersuite[0]) {
 mbedtls_ssl_conf_ciphersuites(&tls->conf, tls->ciphersuite);
 } else if (mbedtls_pk_get_bitlen(&tls->clientkey) > 2048 ||
- mbedtls_pk_get_bitlen(&tls->cacert_ptr->pk) > 2048) {
+ (tls->cacert_ptr && mbedtls_pk_get_bitlen(&tls->cacert_ptr->pk) > 2048)) {
 mbedtls_ssl_conf_ciphersuites(&tls->conf, eap_ciphersuite_preference);
 }
 }
@@ -504,6 +504,7 @@ void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn)
 {
 /* Free ssl ctx and data */
 tls_mbedtls_conn_delete((tls_context_t *) conn->tls);
+ os_free(conn->tls);
 conn->tls = NULL;
 /* Data in in ssl ctx, free connection */
 os_free(conn);
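Review bot: The new guard in the `else if` condition covers only `tls->cacert_ptr`, although the commit message describes the crash as happening when CA certs and keys are both absent; `mbedtls_pk_get_bitlen(&tls->clientkey)` is still called unconditionally. That call is safe only if `clientkey` has always gone through `mbedtls_pk_init()` before this point, which is not visible in the hunk, so I would record the assumption above the condition, e.g. `/* clientkey is always pk_init'ed, so bitlen is 0 when no client key is loaded; cacert_ptr is NULL when no CA is configured */`. The threshold `2048` also appears twice as a bare literal and would read better as one named constant. The body of tls_set_ciphersuite starts outside the hunk.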
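Review bot: `conn` is dereferenced in the first statement (`conn->tls`) with no NULL check, so a caller that reaches tls_connection_deinit after a failed connection init would fault before the added `os_free(conn->tls)` runs; whether callers can pass NULL is not visible here. I would add `if (!conn) return;` at the top of the body. It is also worth confirming that tls_mbedtls_conn_delete() tolerates a NULL `tls` and does not itself release the tls_context_t allocation, since otherwise the added `os_free` becomes a double free. The closing brace of the function lies outside the hunk.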