Possible memory leak in ota_pal.c (CA-296)

[gonzzor]

In the function otaPal_CheckFileSignature() there are two possible code paths that lead to memory leaks.

The call to CRYPTO_SignatureVerificationStart will allocate memory but it's not freed until CRYPTO_SignatureVerificationFinal() is called.

Between these two calls there are

• One return statement if the certificate wasn't properly set,

  esp-aws-iot/libraries/ota-for-aws-iot-embedded-sdk/port/ota_pal.c

  Line 425 in 1fc7681

  return OTA_PAL_COMBINE_ERR( OtaPalBadSignerCert, 0 );

• One goto that skip the proper code path.

  esp-aws-iot/libraries/ota-for-aws-iot-embedded-sdk/port/ota_pal.c

  Line 451 in 1fc7681

  goto end;

Both these cases will cause a memory leak. Both code paths are rather unlikely but they still exist and shouldn't leak memory.

[AntoineSX]

24c17ab is meant to fix this, but there's two new cases that will fail.

Both if the verification fails or succeeds here, it will free the memory block in CRYPTO_SignatureVerificationFinal and it will then try to free that memory block again causing the esp32 to crash.

esp-aws-iot/libraries/ota-for-aws-iot-embedded-sdk/port/ota_pal.c

Lines 468 to 478 in 24c17ab

	if( CRYPTO_SignatureVerificationFinal( pvSigVerifyContext, ( char * ) pucSignerCert, ulSignerCertSize,
	pFileContext->pSignature->data, pFileContext->pSignature->size ) == pdFALSE )
	{
	LogError( ( "Signature verification failed." ) );
	result = OTA_PAL_COMBINE_ERR( OtaPalSignatureCheckFailed, 0 );
	}
	else
	{
	LogInfo( ( "Signature verification succeeded." ) );
	result = OTA_PAL_COMBINE_ERR( OtaPalSuccess, 0 );
	}

Line 472 and 477 should return.
@avsheth

EDIT: I assume the case where pvContext == NULL in CRYPTO_SignatureVerificationFinal is ok not to free the memory.

[avsheth]

Hi @AntoineSX
Yeah, guess I made a blunder :)
Thanks for bringing it to the notice. Will push the fix.