From c0d098a75e52528af210ea6f2266bda71299d39e Mon Sep 17 00:00:00 2001
From: "Earle F. Philhower, III" <earlephilhower@yahoo.com>
Date: Thu, 31 Jan 2019 22:02:29 -0800
Subject: [PATCH] Fix BearSSL Server WDT

Fixes #5701 WDTs and other issues with BearSSL::WiFiServerSecure

The BSSL server was creating the client it returns on a connection in a
way that caused the counter for the stack_thunk to get out of sync and
cause it to be freed improperly by having the destructor be called on
more time than the constructor.  Looks like RVO.

Rewrite the ::available() function in order to avoid this issue with
help from @devyte.
---
 .../ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp     | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp
index bea13dda01..d39237104c 100644
--- a/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiServerSecureBearSSL.cpp
@@ -76,6 +76,8 @@ void WiFiServerSecure::setECCert(const X509List *chain, unsigned cert_issuer_key
 // Return a client if there's an available connection waiting.  If one is returned,
 // then any validation (i.e. client cert checking) will have succeeded.
 WiFiClientSecure WiFiServerSecure::available(uint8_t* status) {
+  WiFiClientSecure client;
+
   (void) status; // Unused
   if (_unclaimed) {
     if (_sk && _sk->isRSA()) {
@@ -83,22 +85,21 @@ WiFiClientSecure WiFiServerSecure::available(uint8_t* status) {
       _unclaimed = _unclaimed->next();
       result.setNoDelay(_noDelay);
       DEBUGV("WS:av\r\n");
-      return result;
+      client = result;
     } else if (_sk && _sk->isEC()) {
       WiFiClientSecure result(_unclaimed, _chain, _cert_issuer_key_type, _sk, _iobuf_in_size, _iobuf_out_size, _client_CA_ta);
       _unclaimed = _unclaimed->next();
       result.setNoDelay(_noDelay);
       DEBUGV("WS:av\r\n");
-      return result;
+      client = result;
     } else {
       // No key was defined, so we can't actually accept and attempt accept() and SSL handshake.
       DEBUGV("WS:nokey\r\n");
     }
+  } else {
+    optimistic_yield(1000);
   }
-
-  // Something weird, return a no-op object
-  optimistic_yield(1000);
-  return WiFiClientSecure();
+  return client;
 }