yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-04-30 14:26:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

[Fixup] Add missing PK release call in Cert Verify parsing

Browse source 
mbedtls_ssl_read() can fail non-fatally, in which case
ssl_parse_certificate_verify() returned immediately without
calling mbedtls_x509_crt_pk_release(), which in turn lead
to a fatal error because of nested acquire calls in the
next call to the function.
This commit is contained in:
Hanno Becker 2019-07-02 15:36:44 +01:00
parent 410322f23e
commit bc6b59859f
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
library/ssl_srv.c
View file

@ -4274,7 +4274,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
if( 0 != ret ) if( 0 != ret )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record" ), ret ); MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record" ), ret );
return( ret ); goto exit;
} }
ssl->state++; ssl->state++;
@ -4284,7 +4284,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY ) ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY;
goto exit;
} }
i = mbedtls_ssl_hs_hdr_len( ssl ); i = mbedtls_ssl_hs_hdr_len( ssl );