Make sure SSL options structure data is freed correctly

src/MQTTAsync.c

@@ -46,7 +46,7 @@
 #define URI_TCP "tcp://"
 
 #define BUILD_TIMESTAMP "##MQTTCLIENT_BUILD_TAG##"
-#define CLIENT_VERSION  "##MQTTCLIENT_VERSION_TAG##" 
+#define CLIENT_VERSION  "##MQTTCLIENT_VERSION_TAG##"
 
 char* client_timestamp_eye = "MQTTAsyncV3_Timestamp " BUILD_TIMESTAMP;
 char* client_version_eye = "MQTTAsyncV3_Version " CLIENT_VERSION;
@@ -2076,6 +2076,8 @@ int MQTTAsync_connect(MQTTAsync handle, MQTTAsync_connectOptions* options)
 
 	if (m->c->will)
 	{
+		free(m->c->will->msg);
+		free(m->c->will->topic);
 		free(m->c->will);
 		m->c->will = NULL;
 	}
@@ -2092,14 +2094,51 @@ int MQTTAsync_connect(MQTTAsync handle, MQTTAsync_connectOptions* options)
 	}
 	
 #if defined(OPENSSL)
+	if (m->c->sslopts)
+	{
+		if (m->c->sslopts->trustStore)
+			free(m->c->sslopts->trustStore);
+		if (m->c->sslopts->keyStore)
+			free(m->c->sslopts->keyStore);
+		if (m->c->sslopts->privateKey)
+			free(m->c->sslopts->privateKey);
+		if (m->c->sslopts->privateKeyPassword)
+			free(m->c->sslopts->privateKeyPassword);
+		if (m->c->sslopts->enabledCipherSuites)
+			free(m->c->sslopts->enabledCipherSuites);
+		free(m->c->sslopts);
+		m->c->sslopts = NULL;
+	}
+
 	if (options->struct_version != 0 && options->ssl)
 	{
 		m->c->sslopts = malloc(sizeof(MQTTClient_SSLOptions));
-		m->c->sslopts->trustStore = options->ssl->trustStore; 
-		m->c->sslopts->keyStore = options->ssl->keyStore; 
-		m->c->sslopts->privateKey = options->ssl->privateKey;
-		m->c->sslopts->privateKeyPassword = options->ssl->privateKeyPassword;
-		m->c->sslopts->enabledCipherSuites = options->ssl->enabledCipherSuites;
+		memset(m->c->sslopts, '\0', sizeof(MQTTClient_SSLOptions));
+		if (options->ssl->trustStore)
+		{
+			m->c->sslopts->trustStore = malloc(strlen(options->ssl->trustStore) + 1);
+			strcpy(m->c->sslopts->trustStore, options->ssl->trustStore); 
+		}
+		if (options->ssl->keyStore)
+		{
+			m->c->sslopts->keyStore = malloc(strlen(options->ssl->keyStore) + 1);
+			strcpy(m->c->sslopts->keyStore, options->ssl->keyStore);
+		}
+		if (options->ssl->privateKey)
+		{
+			m->c->sslopts->privateKey = malloc(strlen(options->ssl->privateKey) + 1);
+			strcpy(m->c->sslopts->privateKey, options->ssl->privateKey);
+		}
+		if (options->ssl->privateKeyPassword)
+		{
+			m->c->sslopts->privateKeyPassword = malloc(strlen(options->ssl->privateKeyPassword) + 1);
+			strcpy(m->c->sslopts->privateKeyPassword, options->ssl->privateKeyPassword);
+		}
+		if (options->ssl->enabledCipherSuites)
+		{
+			m->c->sslopts->enabledCipherSuites = malloc(strlen(options->ssl->enabledCipherSuites) + 1);
+			strcpy(m->c->sslopts->enabledCipherSuites, options->ssl->enabledCipherSuites);
+		}
 		m->c->sslopts->enableServerCertAuth = options->ssl->enableServerCertAuth;
 	}
 #endif

src/MQTTClient.c

@@ -17,6 +17,7 @@
  *    Ian Craggs, Allan Stockdill-Mander - add ability to connect with SSL
  *    Ian Craggs - multiple server connection support
  *    Ian Craggs - fix for bug 413429 - connectionLost not called
+ *    Ian Craggs - fix for bug 421103 - trying to write to same socket, in publish/retries
  *******************************************************************************/
 
 /**
@@ -735,18 +736,73 @@ int MQTTClient_connectURI(MQTTClient handle, MQTTClient_connectOptions* options,
 	m->c->cleansession = options->cleansession;
 	m->c->maxInflightMessages = (options->reliable) ? 1 : 10;
 
+	if (m->c->will)
+	{
+		free(m->c->will->msg);
+		free(m->c->will->topic);
+		free(m->c->will);
+		m->c->will = NULL;
+	}
+
 	if (options->will && options->will->struct_version == 0)
 	{
 		m->c->will = malloc(sizeof(willMessages));
-		m->c->will->msg = options->will->message;
+		m->c->will->msg = malloc(strlen(options->will->message) + 1); 
+		strcpy(m->c->will->msg, options->will->message);
 		m->c->will->qos = options->will->qos;
 		m->c->will->retained = options->will->retained;
-		m->c->will->topic = options->will->topicName;
+		m->c->will->topic = malloc(strlen(options->will->topicName) + 1);
+		strcpy(m->c->will->topic, options->will->topicName);
 	}
 	
 #if defined(OPENSSL)
+	if (m->c->sslopts)
+	{
+		if (m->c->sslopts->trustStore)
+			free(m->c->sslopts->trustStore);
+		if (m->c->sslopts->keyStore)
+			free(m->c->sslopts->keyStore);
+		if (m->c->sslopts->privateKey)
+			free(m->c->sslopts->privateKey);
+		if (m->c->sslopts->privateKeyPassword)
+			free(m->c->sslopts->privateKeyPassword);
+		if (m->c->sslopts->enabledCipherSuites)
+			free(m->c->sslopts->enabledCipherSuites);
+		free(m->c->sslopts);
+		m->c->sslopts = NULL;
+	}
+
 	if (options->struct_version != 0 && options->ssl)
-		m->c->sslopts = options->ssl;
+	{
+		m->c->sslopts = malloc(sizeof(MQTTClient_SSLOptions));
+		memset(m->c->sslopts, '\0', sizeof(MQTTClient_SSLOptions));
+		if (options->ssl->trustStore)
+		{
+			m->c->sslopts->trustStore = malloc(strlen(options->ssl->trustStore) + 1);
+			strcpy(m->c->sslopts->trustStore, options->ssl->trustStore); 
+		}
+		if (options->ssl->keyStore)
+		{
+			m->c->sslopts->keyStore = malloc(strlen(options->ssl->keyStore) + 1);
+			strcpy(m->c->sslopts->keyStore, options->ssl->keyStore);
+		}
+		if (options->ssl->privateKey)
+		{
+			m->c->sslopts->privateKey = malloc(strlen(options->ssl->privateKey) + 1);
+			strcpy(m->c->sslopts->privateKey, options->ssl->privateKey);
+		}
+		if (options->ssl->privateKeyPassword)
+		{
+			m->c->sslopts->privateKeyPassword = malloc(strlen(options->ssl->privateKeyPassword) + 1);
+			strcpy(m->c->sslopts->privateKeyPassword, options->ssl->privateKeyPassword);
+		}
+		if (options->ssl->enabledCipherSuites)
+		{
+			m->c->sslopts->enabledCipherSuites = malloc(strlen(options->ssl->enabledCipherSuites) + 1);
+			strcpy(m->c->sslopts->enabledCipherSuites, options->ssl->enabledCipherSuites);
+		}
+		m->c->sslopts->enableServerCertAuth = options->ssl->enableServerCertAuth;
+	}
 #endif
 
 	m->c->username = options->username;
@@ -1262,7 +1318,8 @@ int MQTTClient_publish(MQTTClient handle, char* topicName, int payloadlen, void*
 		goto exit;
 
 	/* If outbound queue is full, block until it is not */
-	while (m->c->outboundMsgs->count >= m->c->maxInflightMessages)
+	while (m->c->outboundMsgs->count >= m->c->maxInflightMessages || 
+         Socket_noPendingWrites(m->c->net.socket) == 0) /* wait until the socket is free of large packets being written */
 	{
 		if (blocked == 0)
 		{

src/MQTTProtocolClient.c

@@ -664,7 +664,19 @@ void MQTTProtocol_freeClient(Clients* client)
 	}
 #if defined(OPENSSL)
 	if (client->sslopts)
+	{
+		if (client->sslopts->trustStore)
+			free(client->sslopts->trustStore);
+		if (client->sslopts->keyStore)
+			free(client->sslopts->keyStore);
+		if (client->sslopts->privateKey)
+			free(client->sslopts->privateKey);
+		if (client->sslopts->privateKeyPassword)
+			free(client->sslopts->privateKeyPassword);
+		if (client->sslopts->enabledCipherSuites)
+			free(client->sslopts->enabledCipherSuites);
 		free(client->sslopts);
+	}
 #endif
 	/* don't free the client structure itself... this is done elsewhere */
 	FUNC_EXIT;

src/SSLSocket.c

@@ -461,6 +461,8 @@ int SSLSocket_createContext(networkHandles* net, MQTTClient_SSLOptions* opts)
 	
 	if (opts->keyStore)
 	{
+		int rc1 = 0;
+
 		if ((rc = SSL_CTX_use_certificate_chain_file(net->ctx, opts->keyStore)) != 1)
 		{
 			SSLSocket_error("SSL_CTX_use_certificate_chain_file", NULL, net->socket, rc);
@@ -470,14 +472,17 @@ int SSLSocket_createContext(networkHandles* net, MQTTClient_SSLOptions* opts)
 		if (opts->privateKey == NULL)
 			opts->privateKey = opts->keyStore;   /* the privateKey can be included in the keyStore */
 
-        if (opts->privateKeyPassword != NULL)
-        {
-            SSL_CTX_set_default_passwd_cb(net->ctx, pem_passwd_cb);
-            SSL_CTX_set_default_passwd_cb_userdata(net->ctx, (void*)opts->privateKeyPassword);
-        }
+		if (opts->privateKeyPassword != NULL)
+		{
+			SSL_CTX_set_default_passwd_cb(net->ctx, pem_passwd_cb);
+			SSL_CTX_set_default_passwd_cb_userdata(net->ctx, (void*)opts->privateKeyPassword);
+    }
 		
 		/* support for ASN.1 == DER format? DER can contain only one certificate? */
-		if ((rc = SSL_CTX_use_PrivateKey_file(net->ctx, opts->privateKey, SSL_FILETYPE_PEM)) != 1)
+		rc1 = SSL_CTX_use_PrivateKey_file(net->ctx, opts->privateKey, SSL_FILETYPE_PEM);
+		if (opts->privateKey == opts->keyStore)
+			opts->privateKey = NULL;
+		if (rc1 != 1)
 		{
 			SSLSocket_error("SSL_CTX_use_PrivateKey_file", NULL, net->socket, rc);
 			goto free_ctx;