
Commit 55ec22f

authored
fix(ssl): Fix load stream memory leak (#9767)
* fix(ssl): Fix load stream memory leak Loading Ca Cert/Certificate or Private Key from stream was leaking memory, due to buffers not being freed. * fix(ssl): Cast the buffers to non-const
1 parent ce229a1 commit 55ec22f


2 files changed

+39
-2
lines changed


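--- a/libraries/NetworkClientSecure/src/NetworkClientSecure.cpp
+++ b/libraries/NetworkClientSecure/src/NetworkClientSecure.cpp
@@ -40,6 +40,10 @@ NetworkClientSecure::NetworkClientSecure() {
 sslclient->socket = -1;
 sslclient->handshake_timeout = 120000;
 _use_insecure = false;
+_stillinPlainStart = false;
+_ca_cert_free = false;
+_cert_free = false;
+_private_key_free = false;
 _CA_cert = NULL;
 _cert = NULL;
 _private_key = NULL;
@@ -68,6 +72,11 @@ NetworkClientSecure::NetworkClientSecure(int sock) {
 _connected = true;
 }
 
+_use_insecure = false;
+_stillinPlainStart = false;
+_ca_cert_free = false;
+_cert_free = false;
+_private_key_free = false;
 _CA_cert = NULL;
 _cert = NULL;
 _private_key = NULL;
@@ -77,7 +86,17 @@ NetworkClientSecure::NetworkClientSecure(int sock) {
 _alpn_protos = NULL;
 }
 
-NetworkClientSecure::~NetworkClientSecure() {}
+NetworkClientSecure::~NetworkClientSecure() {
+if (_ca_cert_free && _CA_cert) {
+free((void *)_CA_cert);
+}
+if (_cert_free && _cert) {
+free((void *)_cert);
+}
+if (_private_key_free && _private_key) {
+free((void *)_private_key);
+}
+}
 
 void NetworkClientSecure::stop() {
 stop_ssl_socket(sslclient.get());
@@ -310,6 +329,10 @@ void NetworkClientSecure::setInsecure() {
 }
 
 void NetworkClientSecure::setCACert(const char *rootCA) {
+if (_ca_cert_free && _CA_cert) {
+free((void *)_CA_cert);
+_ca_cert_free = false;
+}
 _CA_cert = rootCA;
 _use_insecure = false;
 }
@@ -327,10 +350,18 @@ void NetworkClientSecure::setCACertBundle(const uint8_t *bundle) {
 }
 
 void NetworkClientSecure::setCertificate(const char *client_ca) {
+if (_cert_free && _cert) {
+free((void *)_cert);
+_cert_free = false;
+}
 _cert = client_ca;
 }
 
 void NetworkClientSecure::setPrivateKey(const char *private_key) {
+if (_private_key_free && _private_key) {
+free((void *)_private_key);
+_private_key_free = false;
+}
 _private_key = private_key;
 }
 
@@ -369,6 +400,7 @@ bool NetworkClientSecure::loadCACert(Stream &stream, size_t size) {
 bool ret = false;
 if (dest) {
 setCACert(dest);
+_ca_cert_free = true;
 ret = true;
 }
 return ret;
@@ -382,6 +414,7 @@ bool NetworkClientSecure::loadCertificate(Stream &stream, size_t size) {
 bool ret = false;
 if (dest) {
 setCertificate(dest);
+_cert_free = true;
 ret = true;
 }
 return ret;
@@ -395,6 +428,7 @@ bool NetworkClientSecure::loadPrivateKey(Stream &stream, size_t size) {
 bool ret = false;
 if (dest) {
 setPrivateKey(dest);
+_private_key_free = true;
 ret = true;
 }
 return ret;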
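Review bot: The destructor added in the `@@ -77,7 +86,17 @@` hunk frees `_CA_cert`, `_cert` and `_private_key` through raw pointers guarded by plain bool flags, so a copied NetworkClientSecure would carry the same pointer and the same flag, and each copy's destructor would free the same buffer (a double free, or a use-after-free in the copy that is still alive). No copy constructor or copy assignment is visible in these hunks, and the header keeps `sslclient` in a `std::shared_ptr`, which suggests copies of the object are expected; if that is the case, the owned buffers need shared ownership too, for example a member such as `std::shared_ptr<char> _ca_cert_buf;` created with `free` as its deleter, with `_CA_cert` kept as the borrowed view. The frees added to `setCACert`, `setCertificate` and `setPrivateKey` have the same exposure. Separately, the private key buffer is released without being wiped, so the key bytes remain in freed heap memory; clearing the buffer before `free` (its length is not visible in these hunks) would be a cheap hardening step.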

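--- a/libraries/NetworkClientSecure/src/NetworkClientSecure.h
+++ b/libraries/NetworkClientSecure/src/NetworkClientSecure.h
@@ -31,7 +31,10 @@ class NetworkClientSecure : public NetworkClient {
 std::shared_ptr<sslclient_context> sslclient;
 
 bool _use_insecure;
-bool _stillinPlainStart = false;
+bool _stillinPlainStart;
+bool _ca_cert_free;
+bool _cert_free;
+bool _private_key_free;
 const char *_CA_cert;
 const char *_cert;
 const char *_private_key;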
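Review bot: The three new flags are declared without initializers and `_stillinPlainStart` loses its `= false`, so their values now depend on every constructor assigning them. The two constructors touched by this commit do so, but any construction path that misses one would leave `~NetworkClientSecure()` reading an indeterminate flag and possibly calling `free` on a pointer the object does not own. In-class defaults keep that invariant in one place: `bool _ca_cert_free = false;`, `bool _cert_free = false;`, `bool _private_key_free = false;`, and keep `bool _stillinPlainStart = false;`. A short comment stating that each flag marks a buffer allocated by the matching `load*` method and owned by the object would also help readers of the setters. The class body continues outside the hunk.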
