From cee11296aac01a8f69da08b7456c43cf80b26370 Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Mon, 20 Dec 2021 01:43:17 -0500
Subject: [PATCH] Reset dhm_P and dhm_G if config call repeated

Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated to avoid leaking memory.

Signed-off-by: Glenn Strauss
---
 ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt | 2 ++
 library/ssl_tls.c | 6 ++++++
 2 files changed, 8 insertions(+)
 create mode 100644 ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt

diff --git a/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt b/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt
new file mode 100644
index 000000000..d55c01631
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_comfig_defaults-memleak.txt
@@ -0,0 +1,2 @@
+Bugfix
+   * Fix memory leak if mbedtls_ssl_config_defaults() call is repeated
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d868e4965..dd34651aa 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3944,6 +3944,9 @@ int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
+    mbedtls_mpi_free( &conf->dhm_P );
+    mbedtls_mpi_free( &conf->dhm_G );
+
     if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 ||
         ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 )
     {
@@ -3959,6 +3962,9 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
+    mbedtls_mpi_free( &conf->dhm_P );
+    mbedtls_mpi_free( &conf->dhm_G );
+
     if( ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_P, &conf->dhm_P ) ) != 0 ||
         ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_G,
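Review bot: The two new `mbedtls_mpi_free()` calls at the top of `mbedtls_ssl_conf_dh_param_bin` silently discard whatever DH parameters were configured earlier, and nothing in the hunk or the commit says that this is now the documented contract of the setter, nor that the frees are only safe because the config is expected to have been zero-filled by `mbedtls_ssl_config_init()` beforehand (presumably the case, since the function is called from `mbedtls_ssl_config_defaults()`). A one-line comment above the frees would make both points explicit, e.g. `/* Discard parameters from any earlier call; no-op on a zero-initialised config. */`, and the public doc comment for this function in the header should state that repeated calls replace the previous parameters. The same applies to the `mbedtls_ssl_conf_dh_param_ctx` hunk, whose end lies outside this excerpt. The ChangeLog entry names only the repeated `mbedtls_ssl_config_defaults()` case, whereas the fix equally covers direct repeated calls to either setter; it would be clearer to say so. The body of `mbedtls_ssl_conf_dh_param_bin` continues past the hunk, so the error-path handling after a partial read is not visible here.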