Crash on double free

[moritz89]

There is a crash on double free if an SSL/TLS connection is used and it disconnects and then tries to connect again.

# src/WebSocketsClient.cpp

void WebSocketsClient::loop(void) {
     if(!clientIsConnected(&_client)) {
        if(_client.isSSL) {
            if(_client.ssl) {
# ...
                delete _client.ssl; # L250
# ...
            }
            _client.ssl = new WEBSOCKETS_NETWORK_SSL_CLASS();
            _client.tcp = _client.ssl;
        }
    }
}

void WebSocketsClient::clientDisconnect(WSclient_t * client) {
    if(client->tcp) {
# ...
        client->tcp = NULL; # L558
    }

    client->cCode        = 0;
    client->cKey         = "";
}

The fix is to set client->ssl = NULL; after line 558. The cause is the ssl pointer has not been set to null after the same object was deleted from the tcp pointer.

[Links2004]

which version of the libary and mcp are you using?

SSL is reset in the here:

arduinoWebSockets/src/WebSocketsClient.cpp

Lines 529 to 538 in 1789a18

	if(client->isSSL && client->ssl) {
	if(client->ssl->connected()) {
	client->ssl->flush();
	client->ssl->stop();
	}
	event = true;
	delete client->ssl;
	client->ssl = NULL;
	client->tcp = NULL;
	}

[moritz89]

Ahhh, I see the cause now. I am testing a new WEBSOCKETS_NETWORK_TYPE and skipped the define check on L528. Can probably close this and handle it in an MR that would address that.

arduinoWebSockets == 2.6.1

[Links2004]

it may make sense to use this for L528
#if defined(HAS_SSL)