Skip to content

IDE resource handling and error-path improvements#10854

Open
rlm2002 wants to merge 4 commits into
wolfSSL:masterfrom
rlm2002:gi10846-7
Open

IDE resource handling and error-path improvements#10854
rlm2002 wants to merge 4 commits into
wolfSSL:masterfrom
rlm2002:gi10846-7

Conversation

@rlm2002

@rlm2002 rlm2002 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Description

Fixes resource-cleanup bugs on error/shutdown paths across the IDE TLS examples.

  • MQX server/client, QNX client/server, iotsafe client: fix error paths that bypassed cleanup or jumped to the wrong cleanup level, leaking socket/ctx/ssl. Reworked to single-exit / corrected cleanup.
  • Azure Sphere servers: fix ssl double-free on shutdown + accepted-socket (connd) leak on TLS error paths.
  • ESP-IDF server: ssl double-free on shutdown.
  • GCC-ARM client/server: fix ssl/ctx leak on the success path and a ctx double-free on the cipher-list error path; unified to a single cleanup exit:.
  • iotsafe client: wolfIoTSafe_GetCert() negative int return was cast to uint32_t, change to be validated as signed before casting.

Fixes #10846 and Fixes #10847
Fixes #10800

rlm2002 added 4 commits July 6, 2026 16:27
iotsafe-raspberrypi: goto exit on cert-load failure (was return -1).
MQX server: replace bare return -1 with goto exit + guarded cleanup.
QNX client: correct cleanup-ladder jump targets to unwind properly.
initialize ctx and ssl to NULL
validate wolfIoTSafe_GetCert's int return before casting to uint32_t
Set ssl = NULL after the per-connection free so the final util_Cleanup
no longer double-frees it; close(connd) on post-accept error paths.
@rlm2002 rlm2002 self-assigned this Jul 6, 2026
@rlm2002 rlm2002 marked this pull request as ready for review July 6, 2026 22:54
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

retest this please

@rlm2002

rlm2002 commented Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

Retest this please Jenkins. makedist check - stream corrupted exception, invalid stream header.

  1. Fips ACVP failing-ish

@rlm2002 rlm2002 requested review from douzzer and wolfSSL-Fenrir-bot and removed request for douzzer July 7, 2026 17:42

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10854

No scan targets match the changed files in this PR. Review skipped.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

3 participants