From 20fce25f2846bb665ffc17d3f77a71f10763f725 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 23 Aug 2018 14:36:33 +0100 Subject: [PATCH 1/5] Correct memory-leak in pk_encrypt example program --- programs/pkey/pk_encrypt.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 400619c5c..24c5b566a 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -73,6 +73,8 @@ int main( int argc, char *argv[] ) const char *pers = "mbedtls_pk_encrypt"; mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + mbedtls_pk_init( &pk ); if( argc != 3 ) { @@ -88,7 +90,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - mbedtls_entropy_init( &entropy ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -100,8 +101,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Reading public key from '%s'", argv[1] ); fflush( stdout ); - mbedtls_pk_init( &pk ); - if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret ); @@ -136,6 +135,7 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) { mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); + ret = 1; goto exit; } @@ -150,8 +150,10 @@ int main( int argc, char *argv[] ) exit_code = MBEDTLS_EXIT_SUCCESS; exit: - mbedtls_ctr_drbg_free( &ctr_drbg ); + + mbedtls_pk_free( &pk ); mbedtls_entropy_free( &entropy ); + mbedtls_ctr_drbg_free( &ctr_drbg ); #if defined(MBEDTLS_ERROR_C) if( exit_code != MBEDTLS_EXIT_SUCCESS ) From a82a6e126dc6fb87a8696e6932edd7ce83594cac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 8 Oct 2017 16:44:10 +0100 Subject: [PATCH 2/5] Correct memory leak in pk_decrypt example program --- programs/pkey/pk_decrypt.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 00bd71ed3..ec82ca41d 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -73,7 +73,10 @@ int main( int argc, char *argv[] ) const char *pers = "mbedtls_pk_decrypt"; ((void) argv); + mbedtls_pk_init( &pk ); + mbedtls_entropy_init( &entropy ); mbedtls_ctr_drbg_init( &ctr_drbg ); + memset(result, 0, sizeof( result ) ); if( argc != 2 ) @@ -90,7 +93,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - mbedtls_entropy_init( &entropy ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) @@ -102,8 +104,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); - mbedtls_pk_init( &pk ); - if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret ); @@ -116,6 +116,7 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) { mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); + ret = 1; goto exit; } @@ -147,8 +148,10 @@ int main( int argc, char *argv[] ) exit_code = MBEDTLS_EXIT_SUCCESS; exit: - mbedtls_ctr_drbg_free( &ctr_drbg ); + + mbedtls_pk_free( &pk ); mbedtls_entropy_free( &entropy ); + mbedtls_ctr_drbg_free( &ctr_drbg ); #if defined(MBEDTLS_ERROR_C) if( exit_code != MBEDTLS_EXIT_SUCCESS ) From 20b5d14b28b313709e2677b2e070ba8b765fad77 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 8 Oct 2017 16:13:03 +0100 Subject: [PATCH 3/5] Adapt ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 78e9ebf04..9976c9f04 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ Bugfix interoperability issues with BouncyCastle. Raised by milenamil in #1157. * Fix potential use-after-free in mbedtls_ssl_get_max_frag_len() and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941. + * Fix memory leak and free without initialization in pk_encrypt + and pk_decrypt example programs. Reported by Brace Stout. Fixes #1128. Changes * Improve compatibility with some alternative CCM implementations by using From 6953ac2dbe631bb9abd54d29ec851e88e58ceffc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 23 Aug 2018 14:39:04 +0100 Subject: [PATCH 4/5] Minor formatting improvements in pk_encrypt and pk_decrypt examples --- programs/pkey/pk_decrypt.c | 17 ++++++++++------- programs/pkey/pk_encrypt.c | 19 ++++++++++++------- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index ec82ca41d..6d3a1dc94 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -93,11 +93,12 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", + ret ); goto exit; } @@ -121,10 +122,11 @@ int main( int argc, char *argv[] ) } i = 0; - while( fscanf( f, "%02X", &c ) > 0 && i < (int) sizeof( buf ) ) + { buf[i++] = (unsigned char) c; + } fclose( f ); @@ -137,7 +139,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_decrypt( &pk, buf, i, result, &olen, sizeof(result), mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", + -ret ); goto exit; } @@ -156,7 +159,7 @@ exit: #if defined(MBEDTLS_ERROR_C) if( exit_code != MBEDTLS_EXIT_SUCCESS ) { - mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); + mbedtls_strerror( ret, (char *) buf, sizeof( buf ) ); mbedtls_printf( " ! Last error was: %s\n", buf ); } #endif diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 24c5b566a..22dedba10 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -90,11 +90,12 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", + -ret ); goto exit; } @@ -125,7 +126,8 @@ int main( int argc, char *argv[] ) buf, &olen, sizeof(buf), mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", + -ret ); goto exit; } @@ -134,14 +136,17 @@ int main( int argc, char *argv[] ) */ if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) { - mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); + mbedtls_printf( " failed\n ! Could not create %s\n\n", + "result-enc.txt" ); ret = 1; goto exit; } for( i = 0; i < olen; i++ ) + { mbedtls_fprintf( f, "%02X%s", buf[i], ( i + 1 ) % 16 == 0 ? "\r\n" : " " ); + } fclose( f ); @@ -158,7 +163,7 @@ exit: #if defined(MBEDTLS_ERROR_C) if( exit_code != MBEDTLS_EXIT_SUCCESS ) { - mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); + mbedtls_strerror( ret, (char *) buf, sizeof( buf ) ); mbedtls_printf( " ! Last error was: %s\n", buf ); } #endif From 063c50df8ab9e742ff0e7b1caf2fceb6ff3e15ea Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 23 Aug 2018 15:56:03 +0100 Subject: [PATCH 5/5] pk_encrypt: Uniformize debugging output --- programs/pkey/pk_decrypt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 6d3a1dc94..1d8c959a0 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -97,8 +97,8 @@ int main( int argc, char *argv[] ) &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", + -ret ); goto exit; }