From 57c43ce515bf21170f584ef205c060ae0e3e7f93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kuba=20Szczodrzy=C5=84ski?= <kuba@szczodrzynski.pl>
Date: Wed, 30 Aug 2023 11:35:11 +0200
Subject: [PATCH] [libs] Fix possible MD5 memory leak in Update

---
 cores/common/arduino/libraries/common/Update/Update.cpp     | 3 ++-
 cores/common/arduino/libraries/common/Update/UpdateUtil.cpp | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/cores/common/arduino/libraries/common/Update/Update.cpp b/cores/common/arduino/libraries/common/Update/Update.cpp
index 0ec8782..c094da4 100644
--- a/cores/common/arduino/libraries/common/Update/Update.cpp
+++ b/cores/common/arduino/libraries/common/Update/Update.cpp
@@ -83,7 +83,8 @@ bool UpdateClass::end(bool evenIfRemaining) {
 		// abort if not finished
 		this->errArd = UPDATE_ERROR_ABORT;
 
-	this->md5Digest = static_cast<uint8_t *>(malloc(16));
+	if (!this->md5Digest)
+		this->md5Digest = static_cast<uint8_t *>(malloc(16));
 	MD5Final(this->md5Digest, this->md5Ctx);
 
 	this->cleanup(/* clearError= */ evenIfRemaining);
diff --git a/cores/common/arduino/libraries/common/Update/UpdateUtil.cpp b/cores/common/arduino/libraries/common/Update/UpdateUtil.cpp
index 22fa02f..353400a 100644
--- a/cores/common/arduino/libraries/common/Update/UpdateUtil.cpp
+++ b/cores/common/arduino/libraries/common/Update/UpdateUtil.cpp
@@ -77,7 +77,8 @@ bool UpdateClass::rollBack() {
 bool UpdateClass::setMD5(const char *md5) {
 	if (strlen(md5) != 32)
 		return false;
-	this->md5Expected = static_cast<uint8_t *>(malloc(16));
+	if (!this->md5Expected)
+		this->md5Expected = static_cast<uint8_t *>(malloc(16));
 	if (!this->md5Expected)
 		return false;
 	lt_xtob(md5, 32, this->md5Expected);