author | Jaeden Amero <jaeden.amero@arm.com> | 2019-04-05 13:47:06 +0100 |
---|---|---|
committer | Jaeden Amero <jaeden.amero@arm.com> | 2019-04-05 13:47:06 +0100 |
commit | 1b86e4c88113e01df4fb5843f5e6ec5313737dda (patch) | |
tree | 8a9c2e0439f0ff8fc9179b9b6f2fbbc54e74c695 | |
parent | 57773d4ede814fd94ebcffc92b1b81186c2856de (diff) | |
parent | 39bdab791d8d3f7ad4b2aa173714fbf19215e110 (diff) | |
Merge remote-tracking branch 'origin/pr/2106' into development
* origin/pr/2106:
x509.c: Fix potential memory leak in X.509 self test
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | library/x509.c | 16 |
2 files changed, 9 insertions, 9 deletions
@@ -10,6 +10,8 @@ Bugfix
 * Fix private key DER output in the key_app_writer example. File contents were shifted by one byte, creating an invalid ASN.1 tag. Fixed by Christian Walther in #2239.
+ * Fix potential memory leak in X.509 self test. Found and fixed by
+ Junhwan Park, #2106.
 Changes
 * Server's RSA certificate in certs.c was SHA-1 signed. In the default
diff --git a/library/x509.c b/library/x509.c
index 6b7899f..3f8e290 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1001,8 +1001,8 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
 */
 int mbedtls_x509_self_test( int verbose )
 {
+ int ret = 0;
 #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
- int ret;
 uint32_t flags;
 mbedtls_x509_crt cacert;
 mbedtls_x509_crt clicert;
@@ -1010,6 +1010,7 @@ int mbedtls_x509_self_test( int verbose )
 if( verbose != 0 )
 mbedtls_printf( " X.509 certificate load: " );
+ mbedtls_x509_crt_init( &cacert );
 mbedtls_x509_crt_init( &clicert );
 ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
@@ -1019,11 +1020,9 @@ int mbedtls_x509_self_test( int verbose )
 if( verbose != 0 )
 mbedtls_printf( "failed\n" );
- return( ret );
+ goto cleanup;
 }
- mbedtls_x509_crt_init( &cacert );
-
 ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
 mbedtls_test_ca_crt_len );
 if( ret != 0 )
@@ -1031,7 +1030,7 @@ int mbedtls_x509_self_test( int verbose )
 if( verbose != 0 )
 mbedtls_printf( "failed\n" );
- return( ret );
+ goto cleanup;
 }
 if( verbose != 0 )
@@ -1043,20 +1042,19 @@ int mbedtls_x509_self_test( int verbose )
 if( verbose != 0 )
 mbedtls_printf( "failed\n" );
- return( ret );
+ goto cleanup;
 }
 if( verbose != 0 )
 mbedtls_printf( "passed\n\n");
+cleanup:
 mbedtls_x509_crt_free( &cacert );
 mbedtls_x509_crt_free( &clicert );
-
- return( 0 );
 #else
 ((void) verbose);
- return( 0 );
 #endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
+ return( ret );
 }
 #endif /* MBEDTLS_SELF_TEST */ |
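Review bot: The shared `cleanup:` path is only safe because both certificate contexts are initialised before the first `goto cleanup`, and nothing in the `@@ -1010,6 +1010,7 @@` hunk records that invariant. If a later edit moves `mbedtls_x509_crt_init( &cacert )` back below the first parse, a failed client-certificate parse would pass an uninitialised context to `mbedtls_x509_crt_free`. I would add a comment above the two init calls, for example `/* Initialise both contexts up front: cleanup frees both on every exit path. */`. The function body starts and ends outside this hunk.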
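Review bot: The `#endif` comment in the last x509.c hunk names `MBEDTLS_SHA1_C`, but the matching `#if` shown in the first hunk tests `MBEDTLS_SHA256_C`. Since this change already edits the lines on both sides of it, correct it to `#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */`. Separately, with the guard disabled the function now returns the initial `ret = 0` without running any check, so a caller cannot tell "passed" from "not built". That matches the old `return( 0 )`, but a short comment on the `#else` branch such as `/* Self test not available in this configuration; reports success. */` would make it explicit.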