Fixes stream load memory leak in WifiSecureClient for SSL CACert, Certificate, and Private Key #6387
Conversation
…tificate, and Private Key. Issue presented during any subsequent invocation of loadCACert, loadCertificate, and loadPrivateKey, respectively, after the first invocation.
|
|
|
Hmmm it's working well for initial load, and if same cert is reloaded again, but if there is a different cert loaded it will panic with:
i will investigate a bit more and push another commit with fixes. Anyone have any ideas on this? |
Feedback on proposed fix:
(a) the destructor for WiFiClientSecure does not appear to free any of these things. For example, if the example was changed to instantiate a new WiFiClientSecure object each time, it would get the some amount of leakage. (b) a call to setInsecure() will leak any of these things that have previously been allocated;
|
|
Hi @fillybrese ! It is always good to make sure that we do not leak any memory. Thanks for the contribution! |
|
I only now noticed this PR... What happens is if a connection is failed and retried, then you may run into these issues. Partly fixed in this PR, but not in the other files (as far as I know) |
* LittleFs is working with C3 * Delete .skip.esp32c3 * Add support for extra flash images (espressif#6625) This PR adds support for uploading additional flash images (e.g. Adafruit Tiny UF2 bootloader) specified in board manifests. Additionally, the PR switches the PlatformIO CI script to the upstream version of the ESP32 dev-platform (basically reverts changes introduced in espressif#5387 as they are no longer required). * publish.yml: Remove a leftover parenthesis that was making the workflow (espressif#6620) Description of Change Remove a leftover parenthesis that was making the workflow that was making the workflow invalid. Tests scenarios Github Workflow. Related links https:/espressif/arduino-esp32/actions/runs/2213167501 Signed-off-by: Abdelatif Guettouche <[email protected]> * Enable LittleFs sketches for C3 (espressif#6618) * LittleFs is working with C3 * Delete .skip.esp32c3 * Update LittleFS PlatformIO example (espressif#6617) * Added RainMaker support on Arduino IDE for ESP32-C3/S2/S3 (espressif#6598) * Added RainMaker support on Arduino IDE for ESP32-C3/S2/S3 Closes espressif#6573 Note related to the issue espressif#6435 * Touch change to init only selected GPIO. (espressif#6609) * Separated init for touch / channel called by touchRead() * compile error * Fixed touch_V2 + ISR * Allow BluetoothSerial::connect() with specified channel and more options (espressif#6380) * BTAddress const, add bool() * BTAdvertisedDevice: const functions * BluetoothSerial: add: getChannels, add isClosed, add read/peek timeout, add connect with channel# * BluetoothSerial: add sec_mask, role in ::connect * BluetoothSerial add discover and connect with channel number example * DiscoverConnect: add SPP_ENABLED check * DiscoverConnect: disable on esp32s3 * Fixes stream load memory leak in WifiSecureClient for SSL CACert, Certificate, and (espressif#6387) Private Key. Issue presented during any subsequent invocation of loadCACert, loadCertificate, and loadPrivateKey, respectively, after the first invocation. * Call i2c_set_timeout in i2cSetClock (espressif#6537) * Uniform behaviour of WiFiClientSecure and WiFiClient setTimeout() (espressif#6562) * Uniform timeout WiFiClient-WiFiClientSecure * Added missing prototype * Add socket check on setTimeout * enh(log) salvage TAG from ESP_IDF log-statements > (espressif#6567) by converting result log-rows from the 1st line to the 2nd (`NET` is the tag): ``` [ 73419][D][telelogger.cpp:915] telemetry(): state: 33C [ 73419][D][telelogger.cpp:915] telemetry(): [NET] state: 33C ``` Co-authored-by: Me No Dev <[email protected]> * add AirM2M_CORE_ESP32C3 board (espressif#6613) * add AirM2M_CORE_ESP32C3 board * Added Unexpected Maker Reflow Master Pro (UM RMP) board (espressif#6630) Fixed wrong SCK and MISO pins for TinyS2 * Tasmota changes (#24) * Update install-arduino-core-esp32.sh * Update CMakeLists.txt * Update Esp.cpp * Update Updater.cpp Co-authored-by: Valerii Koval <[email protected]> Co-authored-by: Abdelatif Guettouche <[email protected]> Co-authored-by: Pedro Minatel <[email protected]> Co-authored-by: Jan Procházka <[email protected]> Co-authored-by: Christian Ferbar <[email protected]> Co-authored-by: Billy <[email protected]> Co-authored-by: Paul <[email protected]> Co-authored-by: Gonzalo Brusco <[email protected]> Co-authored-by: Kostis Anagnostopoulos <[email protected]> Co-authored-by: Me No Dev <[email protected]> Co-authored-by: Darren Cheng <[email protected]> Co-authored-by: Unexpected Maker <[email protected]>
|
Thank you @mrengineer7777 @timr49 @me-no-dev @TD-er for your feedback on the PR. I will review the feedback and implement the changes as soon as i can. Just have been short on time recently, will do my best. There were the issues discovered by myself and others in the original PR code. I would have recommended merging to master be delayed until these raised points are addressed. |
Understood. Your PR was helpful, so can't complain about the merge. Create a new PR to address the remaining issues when you have a chance. Thanks in advance for your contribution! |
Summary
This PR fixes massive memory leak in WifiSecureClient when stream loading the TLS CACert, Certificate, and Private Key.
Issue is not presented on the first load. Issue presents during all subsequent invocations of loadCACert, loadCertificate, and loadPrivateKey, respectively.
Issue was verified to exist and changes verified to work by printing the available heap once per second in my application and following the below procedure.
Issue verified by:
Fix verified by:
Impact
Fixes above summarized memory leak in WifiClientSecure.cpp and does nothing else.
Related links
Fixes Memory leak on multiple calls to loadCACert and others on WiFiClientSecure #5826
Takes a different approach than Fix memory leak on stream load when updating CA Certificate #6062 which did not pass compile checks and included other changes unrelated to the raised issue.