yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-08 09:15:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix memory leak in mbedtls_x509_crl_parse()

Browse source 
The memory leak call was caused by missing calls to mbedtls_pem_free()
when a MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was
encountered.
This commit is contained in:
Andres AG 2016-12-08 17:19:21 +00:00 committed by Simon Butcher
parent 5ad4045981
commit f4cbe10bce
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog
View file

@ -44,6 +44,9 @@ Bugfix
cause buffer bound checks to be bypassed. Found by Eyal Itkin.
* Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng
Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America.
* Fix potential memory leak in mbedtls_x509_crl_parse(). The leak was caused
by missing calls to mbedtls_pem_free() in cases when a
MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered.
= mbed TLS 2.1.6 branch released 2016-10-17

5
library/x509_crl.c
View file

@ -524,16 +524,17 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
if( ( ret = mbedtls_x509_crl_parse_der( chain,
pem.buf, pem.buflen ) ) != 0 )
{
mbedtls_pem_free( &pem );
return( ret );
}
mbedtls_pem_free( &pem );
}
else if( is_pem )
{
mbedtls_pem_free( &pem );
return( ret );
}
mbedtls_pem_free( &pem );
}
/* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
* And a valid CRL cannot be less than 1 byte anyway. */