Unverified Commit f29f4485 authored by Paolo Messina's avatar Paolo Messina Committed by GitHub

Fix memory leaks when SSL/TLS connection fails (#5945)

parent 8a8f87d3
...@@ -45,6 +45,8 @@ static int _handle_error(int err, const char * function, int line) ...@@ -45,6 +45,8 @@ static int _handle_error(int err, const char * function, int line)
void ssl_init(sslclient_context *ssl_client) void ssl_init(sslclient_context *ssl_client)
{ {
// reset embedded pointers to zero
memset(ssl_client, 0, sizeof(sslclient_context));
mbedtls_ssl_init(&ssl_client->ssl_ctx); mbedtls_ssl_init(&ssl_client->ssl_ctx);
mbedtls_ssl_config_init(&ssl_client->ssl_conf); mbedtls_ssl_config_init(&ssl_client->ssl_conf);
mbedtls_ctr_drbg_init(&ssl_client->drbg_ctx); mbedtls_ctr_drbg_init(&ssl_client->drbg_ctx);
...@@ -232,6 +234,7 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p ...@@ -232,6 +234,7 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
ret = mbedtls_pk_parse_key(&ssl_client->client_key, (const unsigned char *)cli_key, strlen(cli_key) + 1, NULL, 0); ret = mbedtls_pk_parse_key(&ssl_client->client_key, (const unsigned char *)cli_key, strlen(cli_key) + 1, NULL, 0);
if (ret != 0) { if (ret != 0) {
mbedtls_x509_crt_free(&ssl_client->client_cert); // cert+key are free'd in pair
return handle_error(ret); return handle_error(ret);
} }
...@@ -280,7 +283,6 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p ...@@ -280,7 +283,6 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", flags); mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", flags);
log_e("Failed to verify peer certificate! verification info: %s", buf); log_e("Failed to verify peer certificate! verification info: %s", buf);
stop_ssl_socket(ssl_client, rootCABuff, cli_cert, cli_key); //It's not safe continue.
return handle_error(ret); return handle_error(ret);
} else { } else {
log_v("Certificate verified."); log_v("Certificate verified.");
...@@ -313,10 +315,20 @@ void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, cons ...@@ -313,10 +315,20 @@ void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, cons
ssl_client->socket = -1; ssl_client->socket = -1;
} }
// avoid memory leak if ssl connection attempt failed
if (ssl_client->ssl_conf.ca_chain != NULL) {
mbedtls_x509_crt_free(&ssl_client->ca_cert);
}
if (ssl_client->ssl_conf.key_cert != NULL) {
mbedtls_x509_crt_free(&ssl_client->client_cert);
mbedtls_pk_free(&ssl_client->client_key);
}
mbedtls_ssl_free(&ssl_client->ssl_ctx); mbedtls_ssl_free(&ssl_client->ssl_ctx);
mbedtls_ssl_config_free(&ssl_client->ssl_conf); mbedtls_ssl_config_free(&ssl_client->ssl_conf);
mbedtls_ctr_drbg_free(&ssl_client->drbg_ctx); mbedtls_ctr_drbg_free(&ssl_client->drbg_ctx);
mbedtls_entropy_free(&ssl_client->entropy_ctx); mbedtls_entropy_free(&ssl_client->entropy_ctx);
// reset embedded pointers to zero
memset(ssl_client, 0, sizeof(sslclient_context));
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment