From 562a5dd215238e5b57972d35b59ae24a8af8e9ca Mon Sep 17 00:00:00 2001 From: aditi_lonkar Date: Wed, 20 Jan 2021 17:03:05 +0530 Subject: [PATCH 1/6] wpa_supplicant: Fix some memory leak issues by coverity static analyzer. --- components/wpa_supplicant/src/common/sae.c | 5 ++++- components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/components/wpa_supplicant/src/common/sae.c b/components/wpa_supplicant/src/common/sae.c index e63aa75954..30c48aa722 100644 --- a/components/wpa_supplicant/src/common/sae.c +++ b/components/wpa_supplicant/src/common/sae.c @@ -667,7 +667,7 @@ static int sae_derive_commit_element_ffc(struct sae_data *sae, static int sae_derive_commit(struct sae_data *sae) { - struct crypto_bignum *mask; + struct crypto_bignum *mask = NULL; int ret = -1; unsigned int counter = 0; @@ -683,6 +683,9 @@ static int sae_derive_commit(struct sae_data *sae) return ESP_FAIL; } + if (mask) { + crypto_bignum_deinit(mask, 1); + } mask = sae_get_rand_and_mask(sae); if (mask == NULL) { wpa_printf(MSG_DEBUG, "SAE: Could not get rand/mask"); diff --git a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c index 790523b2b2..beaa5b6462 100644 --- a/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c +++ b/components/wpa_supplicant/src/esp_supplicant/esp_wpa2.c @@ -749,7 +749,8 @@ static int eap_peer_sm_init(void) s_wpa2_data_lock = xSemaphoreCreateRecursiveMutex(); if (!s_wpa2_data_lock) { - wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock"); // NOLINT(clang-analyzer-unix.Malloc) + free(sm); + wpa_printf(MSG_ERROR, "wpa2 eap_peer_sm_init: failed to alloc data lock"); return ESP_ERR_NO_MEM; } From 7bf205162c4232360c325e4311a8bcb1d9fd5646 Mon Sep 17 00:00:00 2001 From: aditi_lonkar Date: Wed, 20 Jan 2021 17:03:49 +0530 Subject: [PATCH 2/6] tcp_transport: Fix some memory leak issues by coverity static analyzer. --- components/tcp_transport/transport_ssl.c | 5 ++++- components/tcp_transport/transport_tcp.c | 6 +++++- components/tcp_transport/transport_ws.c | 2 ++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/components/tcp_transport/transport_ssl.c b/components/tcp_transport/transport_ssl.c index 98cc7bce59..9e3854d7c2 100644 --- a/components/tcp_transport/transport_ssl.c +++ b/components/tcp_transport/transport_ssl.c @@ -325,7 +325,10 @@ esp_transport_handle_t esp_transport_ssl_init(void) { esp_transport_handle_t t = esp_transport_init(); transport_ssl_t *ssl = calloc(1, sizeof(transport_ssl_t)); - ESP_TRANSPORT_MEM_CHECK(TAG, ssl, return NULL); + ESP_TRANSPORT_MEM_CHECK(TAG, ssl, { + esp_transport_destroy(t); + return NULL; + }); esp_transport_set_context_data(t, ssl); esp_transport_set_func(t, ssl_connect, ssl_read, ssl_write, ssl_close, ssl_poll_read, ssl_poll_write, ssl_destroy); esp_transport_set_async_connect_func(t, ssl_connect_async); diff --git a/components/tcp_transport/transport_tcp.c b/components/tcp_transport/transport_tcp.c index f39cee8d40..d61626f4f1 100644 --- a/components/tcp_transport/transport_tcp.c +++ b/components/tcp_transport/transport_tcp.c @@ -296,7 +296,11 @@ esp_transport_handle_t esp_transport_tcp_init(void) { esp_transport_handle_t t = esp_transport_init(); transport_tcp_t *tcp = calloc(1, sizeof(transport_tcp_t)); - ESP_TRANSPORT_MEM_CHECK(TAG, tcp, return NULL); + ESP_TRANSPORT_MEM_CHECK(TAG, tcp, { + esp_transport_destroy(t); + return NULL; + }); + tcp->sock = -1; esp_transport_set_func(t, tcp_connect, tcp_read, tcp_write, tcp_close, tcp_poll_read, tcp_poll_write, tcp_destroy); esp_transport_set_context_data(t, tcp); diff --git a/components/tcp_transport/transport_ws.c b/components/tcp_transport/transport_ws.c index b5043392cf..fa0e9bd7bd 100644 --- a/components/tcp_transport/transport_ws.c +++ b/components/tcp_transport/transport_ws.c @@ -587,12 +587,14 @@ esp_transport_handle_t esp_transport_ws_init(esp_transport_handle_t parent_handl ws->path = strdup("/"); ESP_TRANSPORT_MEM_CHECK(TAG, ws->path, { free(ws); + esp_transport_destroy(t); return NULL; }); ws->buffer = malloc(WS_BUFFER_SIZE); ESP_TRANSPORT_MEM_CHECK(TAG, ws->buffer, { free(ws->path); free(ws); + esp_transport_destroy(t); return NULL; }); From 6e7780421bdaf4248300c45d9ce98905388cd741 Mon Sep 17 00:00:00 2001 From: aditi_lonkar Date: Wed, 20 Jan 2021 17:04:39 +0530 Subject: [PATCH 3/6] fatfs: Fix some memory leak issues by coverity static analyzer. --- components/fatfs/src/ff.c | 6 ++++-- components/fatfs/vfs/vfs_fat.c | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/components/fatfs/src/ff.c b/components/fatfs/src/ff.c index 35fe01d5d1..7d2f601d14 100644 --- a/components/fatfs/src/ff.c +++ b/components/fatfs/src/ff.c @@ -5586,8 +5586,10 @@ FRESULT f_mkfs ( sz_buf = len / ss; /* Size of working buffer (sector) */ szb_buf = sz_buf * ss; /* Size of working buffer (byte) */ } - if (!buf || sz_buf == 0) return FR_NOT_ENOUGH_CORE; - + if (!buf || sz_buf == 0) { + ff_memfree(buf); + return FR_NOT_ENOUGH_CORE; + } /* Determine where the volume to be located (b_vol, sz_vol) */ if (FF_MULTI_PARTITION && part != 0) { /* Get partition information from partition table in the MBR */ diff --git a/components/fatfs/vfs/vfs_fat.c b/components/fatfs/vfs/vfs_fat.c index 26b4f0662a..1ce28a1670 100644 --- a/components/fatfs/vfs/vfs_fat.c +++ b/components/fatfs/vfs/vfs_fat.c @@ -680,12 +680,12 @@ static int vfs_fat_link(void* ctx, const char* n1, const char* n2) } fail3: f_close(pf2); - free(pf2); fail2: f_close(pf1); - free(pf1); fail1: free(buf); + free(pf2); + free(pf1); if (res != FR_OK) { ESP_LOGD(TAG, "%s: fresult=%d", __func__, res); errno = fresult_to_errno(res); From da313b691de76bd20127d00550f8ca932d3c8e21 Mon Sep 17 00:00:00 2001 From: aditi_lonkar Date: Wed, 20 Jan 2021 17:05:00 +0530 Subject: [PATCH 4/6] wifi_provisioning: Fix some memory leak issues by coverity static analyzer. --- components/wifi_provisioning/src/wifi_config.c | 1 + 1 file changed, 1 insertion(+) diff --git a/components/wifi_provisioning/src/wifi_config.c b/components/wifi_provisioning/src/wifi_config.c index 1aeaa93c0c..1075a31808 100644 --- a/components/wifi_provisioning/src/wifi_config.c +++ b/components/wifi_provisioning/src/wifi_config.c @@ -82,6 +82,7 @@ static esp_err_t cmd_get_status_handler(WiFiConfigPayload *req, WifiConnectedState *connected = (WifiConnectedState *)( malloc(sizeof(WifiConnectedState))); if (!connected) { + free(resp_payload); ESP_LOGE(TAG, "Error allocating memory"); return ESP_ERR_NO_MEM; } From fe7efa8db41b1f8bdd70bcf15a45feeb72489427 Mon Sep 17 00:00:00 2001 From: aditi_lonkar Date: Wed, 20 Jan 2021 17:05:19 +0530 Subject: [PATCH 5/6] esp_local_ctrl: Fix some memory leak issues by coverity static analyzer. --- components/esp_local_ctrl/src/esp_local_ctrl_handler.c | 1 + 1 file changed, 1 insertion(+) diff --git a/components/esp_local_ctrl/src/esp_local_ctrl_handler.c b/components/esp_local_ctrl/src/esp_local_ctrl_handler.c index 86ecd90ef5..53db309c71 100644 --- a/components/esp_local_ctrl/src/esp_local_ctrl_handler.c +++ b/components/esp_local_ctrl/src/esp_local_ctrl_handler.c @@ -166,6 +166,7 @@ static esp_err_t cmd_set_prop_vals_handler(LocalCtrlMessage *req, ESP_LOGE(TAG, "Failed to allocate memory for setting values"); free(idxs); free(vals); + free(resp_payload); return ESP_ERR_NO_MEM; } for (size_t i = 0; i < req->cmd_set_prop_vals->n_props; i++) { From 89bf9404a54d875e1a31611470c05bc3d4fb7dd8 Mon Sep 17 00:00:00 2001 From: aditi_lonkar Date: Wed, 20 Jan 2021 17:06:22 +0530 Subject: [PATCH 6/6] esp_http_client: Fix some memory leak issues by coverity static analyzer. --- components/esp_http_client/lib/http_header.c | 1 + 1 file changed, 1 insertion(+) diff --git a/components/esp_http_client/lib/http_header.c b/components/esp_http_client/lib/http_header.c index 977efcba7b..b24ce6b46d 100644 --- a/components/esp_http_client/lib/http_header.c +++ b/components/esp_http_client/lib/http_header.c @@ -97,6 +97,7 @@ static esp_err_t http_header_new_item(http_header_handle_t header, const char *k _header_new_item_exit: free(item->key); free(item->value); + free(item); return ESP_ERR_NO_MEM; }