yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-22 08:41:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails

Browse source 
In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can
happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but
hasn't been asigned to grp->T yet).

Symptom was a memory leak in ECDHE key exchange under low memory conditions.
This commit is contained in:
Angus Gratton 2017-09-06 15:07:17 +10:00 committed by Angus Gratton
parent 6c34268e20
commit 608a487b9c
2 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ChangeLog
View file

@ -86,6 +86,8 @@ Bugfix
* Correct the documentation for `mbedtls_ssl_get_session()`. This API has * Correct the documentation for `mbedtls_ssl_get_session()`. This API has
deep copy of the session, and the peer certificate is not lost. Fixes #926. deep copy of the session, and the peer certificate is not lost. Fixes #926.
* Fix build using -std=c99. Fixed by Nick Wilson. * Fix build using -std=c99. Fixed by Nick Wilson.
* Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails.
Fix contributed by Espressif Systems.
Changes Changes
* Fail when receiving a TLS alert message with an invalid length, or invalid * Fail when receiving a TLS alert message with an invalid length, or invalid

7
library/ecp.c
View file

@ -1446,7 +1446,12 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
cleanup: cleanup:
if( T != NULL && ! p_eq_g ) /* There are two cases where T is not stored in grp:
* - P != G
* - An intermediate operation failed before setting grp->T
* In either case, T must be freed.
*/
if( T != NULL && T != grp->T )
{ {
for( i = 0; i < pre_len; i++ ) for( i = 0; i < pre_len; i++ )
mbedtls_ecp_point_free( &T[i] ); mbedtls_ecp_point_free( &T[i] );