From 67c0e9390eb33edef01659f825b9c75958f03ec2 Mon Sep 17 00:00:00 2001 From: me-no-dev Date: Mon, 3 Jun 2024 23:53:14 +0300 Subject: [PATCH] fix(ssl): Fix load stream memory leak Loading Ca Cert/Certificate or Private Key from stream was leaking memory, due to buffers not being freed. --- .../src/NetworkClientSecure.cpp | 36 ++++++++++++++++++- .../src/NetworkClientSecure.h | 5 ++- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/libraries/NetworkClientSecure/src/NetworkClientSecure.cpp b/libraries/NetworkClientSecure/src/NetworkClientSecure.cpp index 1ef03f29dff..f3d6ecf1597 100644 --- a/libraries/NetworkClientSecure/src/NetworkClientSecure.cpp +++ b/libraries/NetworkClientSecure/src/NetworkClientSecure.cpp @@ -40,6 +40,10 @@ NetworkClientSecure::NetworkClientSecure() { sslclient->socket = -1; sslclient->handshake_timeout = 120000; _use_insecure = false; + _stillinPlainStart = false; + _ca_cert_free = false; + _cert_free = false; + _private_key_free = false; _CA_cert = NULL; _cert = NULL; _private_key = NULL; @@ -68,6 +72,11 @@ NetworkClientSecure::NetworkClientSecure(int sock) { _connected = true; } + _use_insecure = false; + _stillinPlainStart = false; + _ca_cert_free = false; + _cert_free = false; + _private_key_free = false; _CA_cert = NULL; _cert = NULL; _private_key = NULL; @@ -77,7 +86,17 @@ NetworkClientSecure::NetworkClientSecure(int sock) { _alpn_protos = NULL; } -NetworkClientSecure::~NetworkClientSecure() {} +NetworkClientSecure::~NetworkClientSecure() { + if (_ca_cert_free && _CA_cert) { + free(_CA_cert); + } + if (_cert_free && _cert) { + free(_cert); + } + if (_private_key_free && _private_key) { + free(_private_key); + } +} void NetworkClientSecure::stop() { stop_ssl_socket(sslclient.get()); @@ -310,6 +329,10 @@ void NetworkClientSecure::setInsecure() { } void NetworkClientSecure::setCACert(const char *rootCA) { + if (_ca_cert_free && _CA_cert) { + free(_CA_cert); + _ca_cert_free = false; + } _CA_cert = rootCA; _use_insecure = false; } @@ -325,10 +348,18 @@ void NetworkClientSecure::setCACertBundle(const uint8_t *bundle) { } void NetworkClientSecure::setCertificate(const char *client_ca) { + if (_cert_free && _cert) { + free(_cert); + _cert_free = false; + } _cert = client_ca; } void NetworkClientSecure::setPrivateKey(const char *private_key) { + if (_private_key_free && _private_key) { + free(_private_key); + _private_key_free = false; + } _private_key = private_key; } @@ -367,6 +398,7 @@ bool NetworkClientSecure::loadCACert(Stream &stream, size_t size) { bool ret = false; if (dest) { setCACert(dest); + _ca_cert_free = true; ret = true; } return ret; @@ -380,6 +412,7 @@ bool NetworkClientSecure::loadCertificate(Stream &stream, size_t size) { bool ret = false; if (dest) { setCertificate(dest); + _cert_free = true; ret = true; } return ret; @@ -393,6 +426,7 @@ bool NetworkClientSecure::loadPrivateKey(Stream &stream, size_t size) { bool ret = false; if (dest) { setPrivateKey(dest); + _private_key_free = true; ret = true; } return ret; diff --git a/libraries/NetworkClientSecure/src/NetworkClientSecure.h b/libraries/NetworkClientSecure/src/NetworkClientSecure.h index e7831a68839..147acbe37fd 100644 --- a/libraries/NetworkClientSecure/src/NetworkClientSecure.h +++ b/libraries/NetworkClientSecure/src/NetworkClientSecure.h @@ -31,7 +31,10 @@ class NetworkClientSecure : public NetworkClient { std::shared_ptr sslclient; bool _use_insecure; - bool _stillinPlainStart = false; + bool _stillinPlainStart; + bool _ca_cert_free; + bool _cert_free; + bool _private_key_free; const char *_CA_cert; const char *_cert; const char *_private_key;