From e54ef44870712c4868b96b56d4e046f3b15c8d39 Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Mon, 6 Jul 2026 13:34:36 -0600 Subject: [PATCH] Fix ssl double-free and accepted-socket leak in Azure Sphere server Set ssl = NULL after the per-connection free so the final util_Cleanup no longer double-frees it; close(connd) on post-accept error paths. --- IDE/MSVS-2019-AZSPHERE/server/server.c | 10 ++++++++-- IDE/VS-AZURE-SPHERE/server/server.c | 10 ++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/IDE/MSVS-2019-AZSPHERE/server/server.c b/IDE/MSVS-2019-AZSPHERE/server/server.c index 739ca585bc..bd4dbcd038 100644 --- a/IDE/MSVS-2019-AZSPHERE/server/server.c +++ b/IDE/MSVS-2019-AZSPHERE/server/server.c @@ -56,8 +56,8 @@ int azsphere_server_app(void) #endif { bool isNetworkingReady = false; - int sockfd; - int connd; + int sockfd = -1; + int connd = -1; struct sockaddr_in servAddr; struct sockaddr_in clientAddr; socklen_t size = sizeof(clientAddr); @@ -153,6 +153,7 @@ int azsphere_server_app(void) /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); + close(connd); util_Cleanup(sockfd, ctx, ssl); return -1; } @@ -165,6 +166,7 @@ int azsphere_server_app(void) if (ret != SSL_SUCCESS) { fprintf(stderr, "wolfSSL_accept error = %d\n", wolfSSL_get_error(ssl, ret)); + close(connd); util_Cleanup(sockfd, ctx, ssl); return -1; } @@ -175,6 +177,7 @@ int azsphere_server_app(void) memset(buff, 0, sizeof(buff)); if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) { fprintf(stderr, "ERROR: failed to read\n"); + close(connd); util_Cleanup(sockfd, ctx, ssl); return -1; } @@ -196,13 +199,16 @@ int azsphere_server_app(void) /* Reply back to the client */ if (wolfSSL_write(ssl, buff, (int)len) != len) { fprintf(stderr, "ERROR: failed to write\n"); + close(connd); util_Cleanup(sockfd, ctx, ssl); return -1; } /* Cleanup after this connection */ wolfSSL_free(ssl); /* Free the wolfSSL object */ + ssl = NULL; close(connd); /* Close the connection to the client */ + connd = -1; } printf("Shutdown complete\n"); diff --git a/IDE/VS-AZURE-SPHERE/server/server.c b/IDE/VS-AZURE-SPHERE/server/server.c index cabf0673e0..d52e46395d 100644 --- a/IDE/VS-AZURE-SPHERE/server/server.c +++ b/IDE/VS-AZURE-SPHERE/server/server.c @@ -51,8 +51,8 @@ int main(void) { bool isNetworkingReady = false; - int sockfd; - int connd; + int sockfd = -1; + int connd = -1; struct sockaddr_in servAddr; struct sockaddr_in clientAddr; socklen_t size = sizeof(clientAddr); @@ -148,6 +148,7 @@ int main(void) /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); + close(connd); util_Cleanup(sockfd, ctx, ssl); return -1; } @@ -160,6 +161,7 @@ int main(void) if (ret != SSL_SUCCESS) { fprintf(stderr, "wolfSSL_accept error = %d\n", wolfSSL_get_error(ssl, ret)); + close(connd); util_Cleanup(sockfd, ctx, ssl); return -1; } @@ -170,6 +172,7 @@ int main(void) memset(buff, 0, sizeof(buff)); if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) { fprintf(stderr, "ERROR: failed to read\n"); + close(connd); util_Cleanup(sockfd, ctx, ssl); return -1; } @@ -191,13 +194,16 @@ int main(void) /* Reply back to the client */ if (wolfSSL_write(ssl, buff, (int)len) != len) { fprintf(stderr, "ERROR: failed to write\n"); + close(connd); util_Cleanup(sockfd, ctx, ssl); return -1; } /* Cleanup after this connection */ wolfSSL_free(ssl); /* Free the wolfSSL object */ + ssl = NULL; close(connd); /* Close the connection to the client */ + connd = -1; } printf("Shutdown complete\n");