_set_cacert() calls mbedtls_x509_crt_init(&crt) followed by
mbedtls_x509_crt_parse(), which allocates internal storage (parsed
cert fields, chain links, raw buffers) inside the crt object. The
function then returns on both the error and success paths without
calling mbedtls_x509_crt_free(&crt), so all of that internal state
is leaked when the stack-allocated crt goes out of scope. Every
invocation of "wget cacert ..." leaks memory.

Free the cert object on both return paths.

Signed-off-by: Naveen Kumar Chaudhary <[email protected]>
---
 cmd/lwip/wget.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cmd/lwip/wget.c b/cmd/lwip/wget.c
index 4883ad61bce..531e886e986 100644
--- a/cmd/lwip/wget.c
+++ b/cmd/lwip/wget.c
@@ -67,12 +67,15 @@ static int _set_cacert(const void *addr, size_t sz)
        if (ret) {
                if (!wget_info->silent)
                        printf("Could not parse certificates (%d)\n", ret);
+               mbedtls_x509_crt_free(&crt);
                free(cacert);
                cacert = NULL;
                cacert_size = 0;
                return CMD_RET_FAILURE;
        }
 
+       mbedtls_x509_crt_free(&crt);
+
 #if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
        cacert_initialized = true;
 #endif
-- 
2.43.0

Reply via email to