Skip to content

Commit 67c0e93

Browse files
me-no-devme-no-dev
committed
fix(ssl): Fix load stream memory leak
Loading Ca Cert/Certificate or Private Key from stream was leaking memory, due to buffers not being freed.
1 parent de2fc25 commit 67c0e93

File tree

2 files changed

+39
-2
lines changed

2 files changed

+39
-2
lines changed

libraries/NetworkClientSecure/src/NetworkClientSecure.cpp

Lines changed: 35 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,10 @@ NetworkClientSecure::NetworkClientSecure() {
4040
sslclient->socket = -1;
4141
sslclient->handshake_timeout = 120000;
4242
_use_insecure = false;
43+
_stillinPlainStart = false;
44+
_ca_cert_free = false;
45+
_cert_free = false;
46+
_private_key_free = false;
4347
_CA_cert = NULL;
4448
_cert = NULL;
4549
_private_key = NULL;
@@ -68,6 +72,11 @@ NetworkClientSecure::NetworkClientSecure(int sock) {
6872
_connected = true;
6973
}
7074

75+
_use_insecure = false;
76+
_stillinPlainStart = false;
77+
_ca_cert_free = false;
78+
_cert_free = false;
79+
_private_key_free = false;
7180
_CA_cert = NULL;
7281
_cert = NULL;
7382
_private_key = NULL;
@@ -77,7 +86,17 @@ NetworkClientSecure::NetworkClientSecure(int sock) {
7786
_alpn_protos = NULL;
7887
}
7988

80-
NetworkClientSecure::~NetworkClientSecure() {}
89+
NetworkClientSecure::~NetworkClientSecure() {
90+
if (_ca_cert_free && _CA_cert) {
91+
free(_CA_cert);
92+
}
93+
if (_cert_free && _cert) {
94+
free(_cert);
95+
}
96+
if (_private_key_free && _private_key) {
97+
free(_private_key);
98+
}
99+
}
81100

82101
void NetworkClientSecure::stop() {
83102
stop_ssl_socket(sslclient.get());
@@ -310,6 +329,10 @@ void NetworkClientSecure::setInsecure() {
310329
}
311330

312331
void NetworkClientSecure::setCACert(const char *rootCA) {
332+
if (_ca_cert_free && _CA_cert) {
333+
free(_CA_cert);
334+
_ca_cert_free = false;
335+
}
313336
_CA_cert = rootCA;
314337
_use_insecure = false;
315338
}
@@ -325,10 +348,18 @@ void NetworkClientSecure::setCACertBundle(const uint8_t *bundle) {
325348
}
326349

327350
void NetworkClientSecure::setCertificate(const char *client_ca) {
351+
if (_cert_free && _cert) {
352+
free(_cert);
353+
_cert_free = false;
354+
}
328355
_cert = client_ca;
329356
}
330357

331358
void NetworkClientSecure::setPrivateKey(const char *private_key) {
359+
if (_private_key_free && _private_key) {
360+
free(_private_key);
361+
_private_key_free = false;
362+
}
332363
_private_key = private_key;
333364
}
334365

@@ -367,6 +398,7 @@ bool NetworkClientSecure::loadCACert(Stream &stream, size_t size) {
367398
bool ret = false;
368399
if (dest) {
369400
setCACert(dest);
401+
_ca_cert_free = true;
370402
ret = true;
371403
}
372404
return ret;
@@ -380,6 +412,7 @@ bool NetworkClientSecure::loadCertificate(Stream &stream, size_t size) {
380412
bool ret = false;
381413
if (dest) {
382414
setCertificate(dest);
415+
_cert_free = true;
383416
ret = true;
384417
}
385418
return ret;
@@ -393,6 +426,7 @@ bool NetworkClientSecure::loadPrivateKey(Stream &stream, size_t size) {
393426
bool ret = false;
394427
if (dest) {
395428
setPrivateKey(dest);
429+
_private_key_free = true;
396430
ret = true;
397431
}
398432
return ret;

libraries/NetworkClientSecure/src/NetworkClientSecure.h

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,10 @@ class NetworkClientSecure : public NetworkClient {
3131
std::shared_ptr<sslclient_context> sslclient;
3232

3333
bool _use_insecure;
34-
bool _stillinPlainStart = false;
34+
bool _stillinPlainStart;
35+
bool _ca_cert_free;
36+
bool _cert_free;
37+
bool _private_key_free;
3538
const char *_CA_cert;
3639
const char *_cert;
3740
const char *_private_key;

0 commit comments

Comments
 (0)