Fix memory leak in mbedtls_x509_crl_parse()

The memory leak call was caused by missing calls to mbedtls_pem_free()
when a MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was
encountered.
This commit is contained in:
Andres AG 2016-12-08 17:19:21 +00:00 committed by Simon Butcher
parent 87c980749d
commit 5708dcb368
2 changed files with 6 additions and 2 deletions

View file

@ -42,6 +42,9 @@ Bugfix
cause buffer bound checks to be bypassed. Found by Eyal Itkin.
* Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng
Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America.
* Fix potential memory leak in mbedtls_x509_crl_parse(). The leak was caused
by missing calls to mbedtls_pem_free() in cases when a
MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered.
= mbed TLS 2.4.1 branch released 2016-12-13

View file

@ -525,16 +525,17 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
if( ( ret = mbedtls_x509_crl_parse_der( chain,
pem.buf, pem.buflen ) ) != 0 )
{
mbedtls_pem_free( &pem );
return( ret );
}
mbedtls_pem_free( &pem );
}
else if( is_pem )
{
mbedtls_pem_free( &pem );
return( ret );
}
mbedtls_pem_free( &pem );
}
/* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
* And a valid CRL cannot be less than 1 byte anyway. */