From a5cf243ea0a84dca0640d9e77561d0ea8fe39734 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Sat, 26 Dec 2020 12:43:12 +0530
Subject: [PATCH 1/2] esp-tls: Fix mem leak when global_ca_store is freed
---
 components/esp-tls/esp_tls_mbedtls.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c
index efedb0d70d..024da6814f 100644
--- a/components/esp-tls/esp_tls_mbedtls.c
+++ b/components/esp-tls/esp_tls_mbedtls.c
@@ -578,6 +578,7 @@ esp_err_t esp_mbedtls_set_global_ca_store(const unsigned char *cacert_pem_buf, c
 if (ret < 0) {
 ESP_LOGE(TAG, "mbedtls_x509_crt_parse returned -0x%x", -ret);
 mbedtls_x509_crt_free(global_cacert);
+ free(global_cacert);
 global_cacert = NULL;
 return ESP_FAIL;
 } else if (ret > 0) {
@@ -596,6 +597,7 @@ void esp_mbedtls_free_global_ca_store(void)
 {
 if (global_cacert) {
 mbedtls_x509_crt_free(global_cacert);
+ free(global_cacert);
 global_cacert = NULL;
 }
 }
From 84219fe844c968c7c9b70c8d39c262f8332351c5 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Mon, 11 Jan 2021 08:33:49 +0530
Subject: [PATCH 2/2] esp_tls_wolfssl: Move order of crt_bundle check to match that in esp_tls_mbedtls
---
 components/esp-tls/esp_tls_wolfssl.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/components/esp-tls/esp_tls_wolfssl.c b/components/esp-tls/esp_tls_wolfssl.c
index 127101398d..d2994c64f2 100644
--- a/components/esp-tls/esp_tls_wolfssl.c
+++ b/components/esp-tls/esp_tls_wolfssl.c
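Review bot: Both hunks of this patch now repeat the same three-line teardown of `global_cacert` (`mbedtls_x509_crt_free`, `free`, reset to `NULL`); the error path in `esp_mbedtls_set_global_ca_store` could instead call `esp_mbedtls_free_global_ca_store();` so the allocation's ownership rule lives in one function and a later change to the teardown cannot drift between the two sites. The function in the second hunk is the natural owner of that logic, since it already guards on `global_cacert` being non-NULL. It would also help to give `esp_mbedtls_free_global_ca_store` a one-line comment stating that `global_cacert` is a heap-allocated, module-owned chain released here; the allocation site is outside these hunks, so confirm it is a single `calloc`/`malloc` that this `free` matches. The body of `esp_mbedtls_set_global_ca_store` continues beyond the first hunk on both sides.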
@@ -157,6 +157,11 @@ static esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls
 return ESP_ERR_WOLFSSL_CTX_SETUP_FAILED;
 }
 
+ if (cfg->crt_bundle_attach != NULL) {
+ ESP_LOGE(TAG,"use_crt_bundle not supported in wolfssl");
+ return ESP_FAIL;
+ }
+
 if (cfg->use_global_ca_store == true) {
 if ((esp_load_wolfssl_verify_buffer(tls, global_cacert, global_cacert_pem_bytes, FILE_TYPE_CA_CERT, &ret)) != ESP_OK) {
 ESP_LOGE(TAG, "Error in loading certificate verify buffer, returned %d", ret);
@@ -218,11 +223,6 @@ static esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls
 return ESP_FAIL;
 }
 
- if (cfg->crt_bundle_attach != NULL) {
- ESP_LOGE(TAG,"use_crt_bundle not supported in wolfssl");
- return ESP_FAIL;
- }
-
 tls->priv_ssl =(void *)wolfSSL_new( (WOLFSSL_CTX *)tls->priv_ctx);
 if (!tls->priv_ssl) {
 ESP_LOGE(TAG, "Create wolfSSL failed");
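Review bot: The log text in the moved `crt_bundle_attach` check says `use_crt_bundle`, but the field it rejects is `cfg->crt_bundle_attach`, and the call lacks the space after the comma that the neighbouring `ESP_LOGE` calls use; `ESP_LOGE(TAG, "crt_bundle_attach not supported in wolfssl");` would name the field a user actually set and match the surrounding formatting. Because the check sits after the `ESP_ERR_WOLFSSL_CTX_SETUP_FAILED` return, `tls->priv_ctx` has already been created when this `return ESP_FAIL;` fires; that was equally true at the check's old position, so it presumably relies on the caller's cleanup path releasing the context — worth confirming, and if so a comment such as `/* early return: priv_ctx is released by the caller's cleanup */` next to it would spare the next reader the same question. `set_client_config` starts before and ends after this hunk; the second hunk is the matching deletion and needs no separate note.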