alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-26 02:02:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): improve memory allocation handling in multiple components

Browse Source
This commit is contained in:
Ashish Sharma
2025-07-17 11:17:06 +08:00
parent 8886097fe4
commit 6b02906822
11 changed files with 107 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
components/esp_http_client/lib/http_utils.c
View File

@@ -45,9 +45,16 @@ char *http_utils_assign_string(char **str, const char *new_str, int len)
l = strlen(new_str);
}
if (old_str) {
old_str = realloc(old_str, l + 1);
ESP_RETURN_ON_FALSE(old_str, NULL, TAG, "Memory exhausted");
old_str[l] = 0;
// old_str should not be reallocated directly, as in case of memory exhaustion,
// it will be lost and we will not be able to free it.
char *tmp = realloc(old_str, l + 1);
if (tmp == NULL) {
free(old_str);
old_str = NULL;
ESP_RETURN_ON_FALSE(old_str, NULL, TAG, "Memory exhausted");
}
old_str = tmp;
old_str[l] = 0; // Ensure the new string is null-terminated
} else {
old_str = calloc(1, l + 1);
ESP_RETURN_ON_FALSE(old_str, NULL, TAG, "Memory exhausted");
@@ -74,7 +81,7 @@ char *http_utils_append_string(char **str, const char *new_str, int len)
if (tmp == NULL) {
free(old_str);
old_str = NULL;
ESP_RETURN_ON_FALSE(tmp, NULL, TAG, "Memory exhausted");
ESP_RETURN_ON_FALSE(old_str, NULL, TAG, "Memory exhausted");
}
old_str = tmp;
// Ensure the new string is null-terminated