From 95cf925719841d857a808f4eea9ba967748881dd Mon Sep 17 00:00:00 2001
From: "Earle F. Philhower, III"
Date: Tue, 26 Feb 2019 02:46:25 +0000
Subject: [PATCH] Add OOM check and debug message in CertStore (#5820)

Fixes #5819
---
 libraries/ESP8266WiFi/src/CertStoreBearSSL.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/libraries/ESP8266WiFi/src/CertStoreBearSSL.cpp b/libraries/ESP8266WiFi/src/CertStoreBearSSL.cpp
index d0cc2066d..dbcb6e103 100644
--- a/libraries/ESP8266WiFi/src/CertStoreBearSSL.cpp
+++ b/libraries/ESP8266WiFi/src/CertStoreBearSSL.cpp
@@ -20,6 +20,13 @@
 #include "CertStoreBearSSL.h"
 #include
+
+#ifdef DEBUG_ESP_SSL
+#define DEBUG_BSSL(fmt, ...) DEBUG_ESP_PORT.printf_P((PGM_P)PSTR( "BSSL:" fmt), ## __VA_ARGS__)
+#else
+#define DEBUG_BSSL(...)
+#endif
+
 namespace BearSSL {
 extern "C" {
@@ -39,6 +46,11 @@ CertStore::CertInfo CertStore::_preprocessCert(uint32_t length, uint32_t offset,
 // Process it using SHA256, same as the hashed_dn
 br_x509_decoder_context *ctx = new br_x509_decoder_context;
 br_sha256_context *sha256 = new br_sha256_context;
+ if (!ctx || !sha256) {
+ DEBUG_BSSL("CertStore::_preprocessCert: OOM\n");
+ return ci;
+ }
+
 br_sha256_init(sha256);
 br_x509_decoder_init(ctx, dn_append, sha256, nullptr, nullptr);
 br_x509_decoder_push(ctx, (const void*)raw, length);
@@ -172,6 +184,10 @@ const br_x509_trust_anchor *CertStore::findHashedTA(void *ctx, void *hashed_dn,
 cs->_data->close();
 cs->_x509 = new X509List(der, ci.length);
 free(der);
+ if (!cs->_x509) {
+ DEBUG_BSSL("CertStore::findHashedTA: OOM\n");
+ return nullptr;
+ }
 br_x509_trust_anchor *ta = (br_x509_trust_anchor*)cs->_x509->getTrustAnchors();
 memcpy(ta->dn.data, ci.sha256, sizeof(ci.sha256));
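Review bot: In the macro block added after the includes, `DEBUG_BSSL` expands to `DEBUG_ESP_PORT.printf_P(...)` whenever `DEBUG_ESP_SSL` is defined, but nothing checks that `DEBUG_ESP_PORT` is defined as well. If the build can set the two independently (not visible in this hunk), enabling SSL debugging without a debug port would break compilation of this file. Guarding with `#if defined(DEBUG_ESP_SSL) && defined(DEBUG_ESP_PORT)` keeps the macro a no-op in that configuration.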
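Review bot: In `_preprocessCert`, the early return on `!ctx || !sha256` leaks whichever of the two allocations succeeded, because neither is released before `return ci;`. Adding `delete ctx; delete sha256;` ahead of the return covers both cases, since deleting a null pointer is a no-op. Separately, plain `new` reports failure by throwing `std::bad_alloc` in standard C++, so this check (and the `!cs->_x509` check in the `findHashedTA` hunk) only takes effect if the toolchain's `operator new` returns null; writing `new (std::nothrow) br_x509_decoder_context`, with `<new>` included, makes the null-return contract explicit. The function body starts and ends outside the hunk, so what `ci` holds at this point, and whether callers can tell this failure from a successfully hashed certificate, should be confirmed and documented at the return.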
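Review bot: In `findHashedTA`, the new guard covers only the `X509List` object; the pointer returned by `getTrustAnchors()` is still dereferenced by the `memcpy` on the following context line without a check. Whether the list can be constructed without a usable anchor (for example if an allocation inside it or the DER parse fails) is not visible here; if it can, a guard such as `if (!ta) { delete cs->_x509; cs->_x509 = nullptr; return nullptr; }` would stop a low-memory condition from becoming a write through a null pointer. A comment above `return nullptr;` such as `// OOM: report no anchor so the caller rejects the chain (confirm in the validator)` would record that failing closed is the intended outcome. The function continues outside the hunk.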