From 6e28f15d6718649f96d0c48f70abe3e7aaa77e5f Mon Sep 17 00:00:00 2001
From: Ashish Sharma <ashish.sharma@espressif.com>
Date: Fri, 11 Jul 2025 13:12:58 +0800
Subject: [PATCH] fix(esp_http_client): fix memory leak in current_header_value
 buffer

Fixed memory leak in esp_http_client_cleanup() where current_header_value
buffer was not being freed when ESP_ERR_HTTP_FETCH_HEADER is returned
during header parsing failures.
---
 components/esp_http_client/esp_http_client.c |  1 +
 components/esp_http_client/lib/http_utils.c  | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/components/esp_http_client/esp_http_client.c b/components/esp_http_client/esp_http_client.c
index 077cabc3ce..2c767faf67 100644
--- a/components/esp_http_client/esp_http_client.c
+++ b/components/esp_http_client/esp_http_client.c
@@ -966,6 +966,7 @@ esp_err_t esp_http_client_cleanup(esp_http_client_handle_t client)
     _clear_auth_data(client);
     free(client->auth_data);
     free(client->current_header_key);
+    free(client->current_header_value);
     free(client->location);
     free(client->auth_header);
     free(client);
diff --git a/components/esp_http_client/lib/http_utils.c b/components/esp_http_client/lib/http_utils.c
index a47796c187..e1774ce0f8 100644
--- a/components/esp_http_client/lib/http_utils.c
+++ b/components/esp_http_client/lib/http_utils.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -11,6 +11,7 @@
 #include <assert.h>
 
 #include "http_utils.h"
+#include "esp_check.h"
 
 #ifndef mem_check
 #define mem_check(x) assert(x)
@@ -64,8 +65,16 @@ char *http_utils_append_string(char **str, const char *new_str, int len)
         }
         if (old_str) {
             old_len = strlen(old_str);
-            old_str = realloc(old_str, old_len + l + 1);
-            mem_check(old_str);
+            // old_str should not be reallocated directly, as in case of memory exhaustion,
+            // it will be lost and we will not be able to free it.
+            char *tmp = realloc(old_str, old_len + l + 1);
+            if (tmp == NULL) {
+                free(old_str);
+                old_str = NULL;
+                ESP_RETURN_ON_FALSE(old_str, NULL, "http_utils", "Memory exhausted");
+            }
+            old_str = tmp;
+            // Ensure the new string is null-terminated
             old_str[old_len + l] = 0;
         } else {
             old_str = calloc(1, l + 1);