From de081ce75c1e5a64fcaf6651858e51da7479b104 Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Mon, 20 Dec 2021 01:43:17 -0500
Subject: [PATCH] Reset dhm_P and dhm_G if config call repeated

Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated to avoid leaking memory.

Signed-off-by: Glenn Strauss
---
 ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt | 2 ++
 library/ssl_tls.c | 6 ++++++
 2 files changed, 8 insertions(+)
 create mode 100644 ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt
diff --git a/ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt b/ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt
new file mode 100644
index 000000000..d55c01631
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_config_defaults-memleak.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix memory leak if mbedtls_ssl_config_defaults() call is repeated
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2e6469de8..c7265f108 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4632,6 +4632,9 @@ int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi_free( &conf->dhm_P );
+ mbedtls_mpi_free( &conf->dhm_G );
+
 if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
 ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
 {
@@ -4647,6 +4650,9 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi_free( &conf->dhm_P );
+ mbedtls_mpi_free( &conf->dhm_G );
+
 if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ||
 ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
 {
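Review bot: Releasing `conf->dhm_P` and `conf->dhm_G` ahead of the `mbedtls_mpi_read_binary()` calls in `mbedtls_ssl_conf_dh_param_bin()` discards the previously configured DH group even when the call then fails, and the same holds for the `mbedtls_mpi_copy()` calls in `mbedtls_ssl_conf_dh_param_ctx()` in the second hunk. A caller that ignores the return value would carry on with a configuration that has lost the group it was given earlier, so this should be stated where the frees are, e.g. `/* Discard parameters from an earlier call first; if the read or copy below fails, conf is left without the old DHM parameters. */`. Both `if` bodies continue outside the hunks, so what the error branch does with the two fields cannot be confirmed from here. The patch as shown also carries no test that calls `mbedtls_ssl_config_defaults()` twice, which is the case the ChangeLog entry names.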