authorJaeden Amero <jaeden.amero@arm.com>2019-04-05 13:47:06 +0100
committerJaeden Amero <jaeden.amero@arm.com>2019-04-05 13:47:06 +0100
commit1b86e4c88113e01df4fb5843f5e6ec5313737dda (patch)
tree8a9c2e0439f0ff8fc9179b9b6f2fbbc54e74c695
parent57773d4ede814fd94ebcffc92b1b81186c2856de (diff)
parent39bdab791d8d3f7ad4b2aa173714fbf19215e110 (diff)
Merge remote-tracking branch 'origin/pr/2106' into development
* origin/pr/2106: x509.c: Fix potential memory leak in X.509 self test
-rw-r--r--ChangeLog2
-rw-r--r--library/x509.c16
2 files changed, 9 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index d4e945a..9ed7b4c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,8 @@ Bugfix
* Fix private key DER output in the key_app_writer example. File contents
were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
Christian Walther in #2239.
+ * Fix potential memory leak in X.509 self test. Found and fixed by
+ Junhwan Park, #2106.
Changes
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
diff --git a/library/x509.c b/library/x509.c
index 6b7899f..3f8e290 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1001,8 +1001,8 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
*/
int mbedtls_x509_self_test( int verbose )
{
+ int ret = 0;
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
- int ret;
uint32_t flags;
mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert;
@@ -1010,6 +1010,7 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( " X.509 certificate load: " );
+ mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &clicert );
ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
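Review bot: Moving `mbedtls_x509_crt_init( &cacert );` ahead of the first parse is what makes the shared `cleanup:` label safe, but nothing at this site says so. Every `goto cleanup` added by this commit reaches `mbedtls_x509_crt_free( &cacert )`, so a later edit that moves the init back below the client-certificate parse would free an uninitialised context on the first failure path. I would add a comment above the two init calls, for example `/* Initialise both contexts before any goto cleanup: the cleanup path frees both. */`. The function body starts and ends outside this hunk.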
@@ -1019,11 +1020,9 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( "failed\n" );
- return( ret );
+ goto cleanup;
}
- mbedtls_x509_crt_init( &cacert );
-
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
mbedtls_test_ca_crt_len );
if( ret != 0 )
@@ -1031,7 +1030,7 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( "failed\n" );
- return( ret );
+ goto cleanup;
}
if( verbose != 0 )
@@ -1043,20 +1042,19 @@ int mbedtls_x509_self_test( int verbose )
if( verbose != 0 )
mbedtls_printf( "failed\n" );
- return( ret );
+ goto cleanup;
}
if( verbose != 0 )
mbedtls_printf( "passed\n\n");
+cleanup:
mbedtls_x509_crt_free( &cacert );
mbedtls_x509_crt_free( &clicert );
-
- return( 0 );
#else
((void) verbose);
- return( 0 );
#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
+ return( ret );
}
#endif /* MBEDTLS_SELF_TEST */
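Review bot: The `#endif` comment just above the new `return( ret );` names `MBEDTLS_SHA1_C`, while the matching `#if` in the first hunk tests `MBEDTLS_SHA256_C`. Since this commit reshapes the tail of the function, it is a good moment to correct it to `#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */`. Separately, with `ret` initialised to 0 outside the guard, a build lacking either option still returns success from the self test without parsing or verifying any certificate, and the `#else` branch prints nothing in verbose mode. A short comment there, such as `/* Self test compiled out: returns 0 without running any check. */`, would keep callers from reading that 0 as a passed verification. The function starts outside this hunk.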