-
Notifications
You must be signed in to change notification settings - Fork 157
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possible memory leak in ota_pal.c (CA-296) #185
Comments
24c17ab is meant to fix this, but there's two new cases that will fail. Both if the verification fails or succeeds here, it will free the memory block in esp-aws-iot/libraries/ota-for-aws-iot-embedded-sdk/port/ota_pal.c Lines 468 to 478 in 24c17ab
Line 472 and 477 should return. @avsheth EDIT: I assume the case where |
Hi @AntoineSX |
In the function otaPal_CheckFileSignature() there are two possible code paths that lead to memory leaks.
The call to CRYPTO_SignatureVerificationStart will allocate memory but it's not freed until CRYPTO_SignatureVerificationFinal() is called.
Between these two calls there are
esp-aws-iot/libraries/ota-for-aws-iot-embedded-sdk/port/ota_pal.c
Line 425 in 1fc7681
esp-aws-iot/libraries/ota-for-aws-iot-embedded-sdk/port/ota_pal.c
Line 451 in 1fc7681
Both these cases will cause a memory leak. Both code paths are rather unlikely but they still exist and shouldn't leak memory.
The text was updated successfully, but these errors were encountered: