diff options
| author | Simon Butcher <simon.butcher@arm.com> | 2016-01-02 00:03:39 +0000 |
|---|---|---|
| committer | Simon Butcher <simon.butcher@arm.com> | 2016-01-02 00:03:39 +0000 |
| commit | 7d3f3a8ac80adefa6c70ef76a47273735dcc4d71 (patch) | |
| tree | 060c28e49b00feac71b8433d5aa2a8f56670a1c5 | |
| parent | a192c8f5d877768d24dab95390dbccc91cf85093 (diff) | |
| download | mbedtls-7d3f3a8ac80adefa6c70ef76a47273735dcc4d71.zip mbedtls-7d3f3a8ac80adefa6c70ef76a47273735dcc4d71.tar.gz mbedtls-7d3f3a8ac80adefa6c70ef76a47273735dcc4d71.tar.bz2 | |
Fix for memory leak in RSA-SSA signing
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c. Resolves github issue #372
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | library/rsa.c | 8 |
2 files changed, 9 insertions, 1 deletions
@@ -7,6 +7,8 @@ Bugfix * Fix bug in certificate validation that caused valid chains to be rejected when the first intermediate certificate has pathLenConstraint=0. Found by Nicholas Wilson. Introduced in mbed TLS 1.3.15. #280 + * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign(), found by + JayaraghavendranK. #372 = mbed TLS 1.3.15 released 2015-11-04 diff --git a/library/rsa.c b/library/rsa.c index 59ec35f..0cb0e7d 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1082,9 +1082,15 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx, * temporary buffer and check it before returning it. */ sig_try = polarssl_malloc( ctx->len ); + if( sig_try == NULL ) + return( POLARSSL_ERR_MPI_MALLOC_FAILED ); + verif = polarssl_malloc( ctx->len ); - if( sig_try == NULL || verif == NULL ) + if( verif == NULL ) + { + polarssl_free( sig_try ); return( POLARSSL_ERR_MPI_MALLOC_FAILED ); + } MPI_CHK( rsa_private( ctx, f_rng, p_rng, sig, sig_try ) ); MPI_CHK( rsa_public( ctx, sig_try, verif ) ); |