You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a user sets the user ssl ctx using mosquitto_opts_set(mosq, MOSQ_OPT_SSL_CTX, user_ctx), Mosquitto adds a context reference and stores it in mosq->user_ssl_ctx.
Only after a successful call to net__try_connect (indicating a successful TCP connection), do we pass the mosq->user_ssl_ctx to mosq->ssl_ctx during net__init_ssl_ctx.
In the mosquitto_destroy function, we currently only free the mosq->ssl_ctx.
However, if a user sets the user ssl ctx and mosquitto_connect fails due to network unavailability, calling mosquitto_destroy will leak the user ssl ctx.
Suggestions
When a user sets the user ssl ctx, we should free mosq->user_ssl_ctx instead of mosq->ssl_ctx in the mosquitto_destroy function.
Issue Description
Version: v2.0.18
Platform: Ubuntu 22
Analysis
When a user sets the
user ssl ctx
usingmosquitto_opts_set(mosq, MOSQ_OPT_SSL_CTX, user_ctx)
, Mosquitto adds a context reference and stores it inmosq->user_ssl_ctx
.Only after a successful call to
net__try_connect
(indicating a successful TCP connection), do we pass themosq->user_ssl_ctx
tomosq->ssl_ctx
duringnet__init_ssl_ctx
.In the
mosquitto_destroy
function, we currently only free themosq->ssl_ctx
.However, if a user sets the
user ssl ctx
andmosquitto_connect
fails due to network unavailability, callingmosquitto_destroy
will leak theuser ssl ctx
.Suggestions
When a user sets the
user ssl ctx
, we should freemosq->user_ssl_ctx
instead ofmosq->ssl_ctx
in themosquitto_destroy
function.The text was updated successfully, but these errors were encountered: