mirror
/
esp-idf
kopia lustrzana https://github.com/espressif/esp-idf
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

Merge branch 'bugfix/fix_mbedtls_dynamic_resource_memory_leak' into 'master' 

fix(mbedtls): fix mbedtls dynamic resource memory leaks

Closes IDFGH-4251

See merge request espressif/esp-idf!9874
pull/6275/head
Mahavir Jain 2020-11-19 22:18:54 +08:00
rodzic 9741d43cdd 1c9592efc4
commit a1c2141f82
4 zmienionych plików z 59 dodań i 16 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

41
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c
Wyświetl plik

@ -317,9 +317,13 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
ESP_LOGV(TAG, "--> add rx"); ESP_LOGV(TAG, "--> add rx");
if (ssl->in_buf) { if (ssl->in_buf) {
ESP_LOGV(TAG, "in buffer is not empty"); if (ssl->in_iv) {
ret = 0; ESP_LOGV(TAG, "in buffer is not empty");
goto exit; ret = 0;
goto exit;
} else {
cached = 1;
}
} }
ssl->in_hdr = msg_head; ssl->in_hdr = msg_head;
@ -346,6 +350,12 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
ESP_LOGV(TAG, "message length is %d RX buffer length should be %d left is %d", ESP_LOGV(TAG, "message length is %d RX buffer length should be %d left is %d",
(int)in_msglen, (int)buffer_len, (int)ssl->in_left); (int)in_msglen, (int)buffer_len, (int)ssl->in_left);
if (cached) {
memcpy(cache_buf, ssl->in_buf, 16);
mbedtls_free(ssl->in_buf);
init_rx_buffer(ssl, NULL);
}
buf = mbedtls_calloc(1, buffer_len); buf = mbedtls_calloc(1, buffer_len);
if (!buf) { if (!buf) {
ESP_LOGE(TAG, "alloc(%d bytes) failed", buffer_len); ESP_LOGE(TAG, "alloc(%d bytes) failed", buffer_len);
@ -355,12 +365,6 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl)
ESP_LOGV(TAG, "add in buffer %d bytes @ %p", buffer_len, buf); ESP_LOGV(TAG, "add in buffer %d bytes @ %p", buffer_len, buf);
if (ssl->in_ctr) {
memcpy(cache_buf, ssl->in_ctr, 16);
mbedtls_free(ssl->in_ctr);
cached = 1;
}
init_rx_buffer(ssl, buf); init_rx_buffer(ssl, buf);
if (cached) { if (cached) {
@ -389,7 +393,8 @@ int esp_mbedtls_free_rx_buffer(mbedtls_ssl_context *ssl)
/** /**
* When have read multi messages once, can't free the input buffer directly. * When have read multi messages once, can't free the input buffer directly.
*/ */
if (!ssl->in_buf || (ssl->in_hslen && (ssl->in_hslen < ssl->in_msglen))) { if (!ssl->in_buf || (ssl->in_hslen && (ssl->in_hslen < ssl->in_msglen)) ||
(ssl->in_buf && !ssl->in_iv)) {
ret = 0; ret = 0;
goto exit; goto exit;
} }
@ -418,7 +423,8 @@ int esp_mbedtls_free_rx_buffer(mbedtls_ssl_context *ssl)
} }
memcpy(pdata, buf, 16); memcpy(pdata, buf, 16);
ssl->in_ctr = pdata; init_rx_buffer(ssl, pdata);
ssl->in_iv = NULL;
exit: exit:
ESP_LOGV(TAG, "<-- free rx"); ESP_LOGV(TAG, "<-- free rx");
@ -515,4 +521,17 @@ void esp_mbedtls_free_peer_cert(mbedtls_ssl_context *ssl)
ssl->session_negotiate->peer_cert = NULL; ssl->session_negotiate->peer_cert = NULL;
} }
} }
bool esp_mbedtls_ssl_is_rsa(mbedtls_ssl_context *ssl)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->transform_negotiate->ciphersuite_info;
if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) {
return true;
} else {
return false;
}
}
#endif #endif

5
components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h
Wyświetl plik

@ -33,9 +33,6 @@
\ \
if ((_ret = _fn) != 0) { \ if ((_ret = _fn) != 0) { \
ESP_LOGV(TAG, "\"%s\" result is -0x%x", # _fn, -_ret); \ ESP_LOGV(TAG, "\"%s\" result is -0x%x", # _fn, -_ret); \
if (_ret == MBEDTLS_ERR_SSL_CONN_EOF) {\
return 0; \
} \
TRACE_CHECK(_fn, "fail"); \ TRACE_CHECK(_fn, "fail"); \
return _ret; \ return _ret; \
} \ } \
@ -80,6 +77,8 @@ void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl);
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT #ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT
void esp_mbedtls_free_peer_cert(mbedtls_ssl_context *ssl); void esp_mbedtls_free_peer_cert(mbedtls_ssl_context *ssl);
bool esp_mbedtls_ssl_is_rsa(mbedtls_ssl_context *ssl);
#endif #endif
#endif /* _DYNAMIC_IMPL_H_ */ #endif /* _DYNAMIC_IMPL_H_ */

18
components/mbedtls/port/dynamic/esp_ssl_cli.c
Wyświetl plik

@ -73,7 +73,17 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
CHECK_OK(esp_mbedtls_free_rx_buffer(ssl)); CHECK_OK(esp_mbedtls_free_rx_buffer(ssl));
} }
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT #ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT
esp_mbedtls_free_peer_cert(ssl); /**
* If current ciphersuite is RSA, we should free peer'
* certificate at step MBEDTLS_SSL_CLIENT_KEY_EXCHANGE.
*
* And if it is other kinds of ciphersuite, we can free
* peer certificate here.
*/
if (esp_mbedtls_ssl_is_rsa(ssl) == false) {
esp_mbedtls_free_peer_cert(ssl);
}
#endif #endif
} }
break; break;
@ -123,6 +133,12 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add)
size_t buffer_len = MBEDTLS_SSL_OUT_BUFFER_LEN; size_t buffer_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len)); CHECK_OK(esp_mbedtls_add_tx_buffer(ssl, buffer_len));
} else {
#ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT
if (esp_mbedtls_ssl_is_rsa(ssl) == true) {
esp_mbedtls_free_peer_cert(ssl);
}
#endif
} }
break; break;
case MBEDTLS_SSL_CERTIFICATE_VERIFY: case MBEDTLS_SSL_CERTIFICATE_VERIFY:

11
components/mbedtls/port/dynamic/esp_ssl_tls.c
Wyświetl plik

@ -85,7 +85,16 @@ int __wrap_mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t
{ {
int ret; int ret;
CHECK_OK(esp_mbedtls_add_rx_buffer(ssl)); ESP_LOGD(TAG, "add mbedtls RX buffer");
ret = esp_mbedtls_add_rx_buffer(ssl);
if (ret == MBEDTLS_ERR_SSL_CONN_EOF) {
ESP_LOGD(TAG, "fail, the connection indicated an EOF");
return 0;
} else if (ret < 0) {
ESP_LOGD(TAG, "fail, error=-0x%x", -ret);
return ret;
}
ESP_LOGD(TAG, "end");
ret = __real_mbedtls_ssl_read(ssl, buf, len); ret = __real_mbedtls_ssl_read(ssl, buf, len);