Merge pull request #5416 from gstrauss/mbedtls_ssl_config_defaults-repeat-2.28

Backport 2.28: Reset dhm_P and dhm_G if config call repeated
2025-01-23 13:51:03 +00:00 · 2022-01-14 10:41:12 +01:00 · 2022-01-14 10:41:12 +01:00 · 4afaba52a9
parent bbfa3f1967 de081ce75c
commit 4afaba52a9
2 changed files with 8 additions and 0 deletions
--- a/ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt
+++ b/ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt
@ -0,0 +1,2 @@
+Bugfix
+   * Fix memory leak if mbedtls_ssl_config_defaults() call is repeated
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4632,6 +4632,9 @@ int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

+    mbedtls_mpi_free( &conf->dhm_P );
+    mbedtls_mpi_free( &conf->dhm_G );
+
    if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
        ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
    {
@ -4647,6 +4650,9 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

+    mbedtls_mpi_free( &conf->dhm_P );
+    mbedtls_mpi_free( &conf->dhm_G );
+
    if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ||
        ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
    {