-
Notifications
You must be signed in to change notification settings - Fork 7.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix memory leak in mbedtls by adjusting RX buffer size (issue #14444) (IDFGH-13752) #14614
Fix memory leak in mbedtls by adjusting RX buffer size (issue #14444) (IDFGH-13752) #14614
Conversation
…if#14444) - Added rx_buffer_len() to handle correct RX buffer size - Ensured compliance with mbedtls 16KB RX buffer requirement - Prevents CORRUPT HEAP error when receiving large data (>16KB) over HTTPS
👋 Hello HikingDev, we appreciate your contribution to this project! 📘 Please review the project's Contributions Guide for key guidelines on code, documentation, testing, and more. 🖊️ Please also make sure you have read and signed the Contributor License Agreement for this project. Click to see more instructions ...
Review and merge process you can expect ...
|
…rements, cautioning against setting the buffer size below 16KB due to potential memory leaks and heap corruption. - Modified `Kconfig` to include warnings about reducing the RX buffer size below the 16KB threshold in `MBEDTLS_SSL_IN_CONTENT_LEN`. - Ensured proper guidance on dynamic TX/RX buffer usage in `MBEDTLS_DYNAMIC_BUFFER`, emphasizing the importance of correct buffer management. These changes ensure proper handling of mbedTLS buffer configurations to avoid issues when using smaller buffer sizes.
Thanks for the quick PR @HikingDev, |
it does fix the heap corroption, if a setting of >16KB for CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN is chosen. Its worth considering to disallow setting MBEDTLS_SSL_IN_CONTENT_LEN at all.
|
@HikingDev |
Description
This pull request addresses a memory leak issue in the mbedtls dynamic implementation related to SSL/TLS buffer management, as described in issue #14444.
Summary of Changes:
Motivation: The issue arises when using the ESP32 as an HTTPS server with dynamic RX/TX buffers and receiving data larger than 16KB. The current tx_buffer_len() function in mbedtls calculates an inadequate buffer size for incoming data, leading to a heap corruption error and memory leak.
The mbedtls documentation specifies that incoming data buffers should be set to 16KB because there is no supported way to inform clients about size restrictions for incoming messages. However, the current implementation in ESP-IDF disregards this requirement. This PR ensures that the RX buffer is large enough to handle the incoming data, preventing memory corruption.
Note: While this fix ensures that the RX buffer respects the setting for CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN, users should still be cautious when setting CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN below 16KB, as this could still lead to memory leaks under certain conditions.
Related
No related PRs at this time.
Testing
Tested on:
Checklist
Before submitting a Pull Request, please ensure the following: