mirror of
https://github.com/espressif/esp-idf.git
synced 2026-06-06 21:26:33 +03:00
sec1_new_session()/sec2_new_session() were calling sec*_close_session() with the *new* session_id parameter instead of the existing cur_session->id. The close handler validates `cur_session->id == session_id` before performing teardown, so the call always failed with ESP_ERR_INVALID_STATE.

Effect: when a peer started a new provisioning session while another was already active, the previous session's PSA keys, AES context, SRP handle and username buffer were leaked instead of being destroyed. The cleared session struct was overwritten by the new session, leaking the previous key handles inside PSA Crypto and (for security2) leaking heap memory for the username and SRP context.

Fix: pass cur_session->id so the close path actually executes the teardown (psa_destroy_key/psa_cipher_abort/esp_srp_free/free) before the new session takes over.
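The failure mode described in the commit message above, reduced to a small C model. This is an added example, not ESP-IDF code: `session_t`, `model_close_session`, `model_new_session`, `live_buffers` and the `use_fix` switch are hypothetical names, a single heap buffer stands in for the PSA keys, AES context, SRP handle and username, and `-1` stands in for ESP_ERR_INVALID_STATE.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-in for a provisioning session; all names are hypothetical. */
typedef struct {
    uint32_t id;
    char *username;              /* models the per-session resources */
} session_t;

static session_t *cur_session;   /* the one active session, or NULL */
static int live_buffers;         /* resources allocated and not yet released */

/* Close handler: tears down only when the caller names the active session. */
static int model_close_session(uint32_t session_id)
{
    if (cur_session == NULL || cur_session->id != session_id)
        return -1;               /* models ESP_ERR_INVALID_STATE */
    free(cur_session->username);
    live_buffers--;
    free(cur_session);
    cur_session = NULL;
    return 0;
}

/* New-session handler. With use_fix == 0 it closes with the *new* id, which
 * never matches cur_session->id, so the old session's teardown is skipped. */
static int model_new_session(uint32_t session_id, int use_fix)
{
    if (cur_session != NULL) {
        model_close_session(use_fix ? cur_session->id : session_id);
    }
    session_t *s = calloc(1, sizeof(*s));
    char *name = calloc(1, 16);
    if (s == NULL || name == NULL) { free(s); free(name); return -1; }
    s->id = session_id;
    s->username = name;
    live_buffers++;
    cur_session = s;             /* previous pointer is lost if close failed */
    return 0;
}

/* Start session 1, then session 2 while 1 is active, then close 2.
 * Returns the number of resources still allocated afterwards. */
int leaked_after_two_sessions(int use_fix)
{
    cur_session = NULL; live_buffers = 0;
    model_new_session(1, use_fix);
    model_new_session(2, use_fix);
    model_close_session(2);
    return live_buffers;
}
```

In the model, every additional new-session request sent while a session is active adds one more unreleased resource on the unfixed path, which is why the return value of the close call is worth checking or logging at the call site.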