From 6087f200bffe5f518f2df0883a7fe4b259f994d5 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Fri, 4 May 2018 08:34:22 +0200
Subject: [PATCH 1/3] Fix memory leak in mbedtls_x509_csr_parse

---
 library/x509_csr.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/library/x509_csr.c b/library/x509_csr.c
index 26a06db4f6..8bb7f3363b 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -294,11 +294,9 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz
         /*
          * Was PEM encoded, parse the result
          */
-        if( ( ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ) ) != 0 )
-            return( ret );
-
+        ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
         mbedtls_pem_free( &pem );
-        return( 0 );
+        return( ret );
     }
     else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
     {
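Review bot: The `mbedtls_pem_free( &pem )` call now sits between the parse and the return with nothing saying it must also run on the failure path, which is the invariant the old early `return( ret )` broke. I would extend the existing comment to something like `/* Was PEM encoded, parse the result; pem is freed whether or not the DER parse succeeds */` so a later refactor does not reintroduce the early return. This path is reached with caller-supplied CSR data, so a leak on every rejected input is worth guarding against explicitly. The body of mbedtls_x509_csr_parse starts and ends outside this hunk.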

From c03059db42e7e1bc2c1c86615fd802b3a7a4de8b Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Thu, 14 Jun 2018 07:35:11 +0200
Subject: [PATCH 2/3] Simplify code in mbedtls_x509_csr_parse

---
 library/x509_csr.c | 28 ++++++++++------------------
 1 file changed, 10 insertions(+), 18 deletions(-)

diff --git a/library/x509_csr.c b/library/x509_csr.c
index 8bb7f3363b..40a0f20613 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -278,32 +278,24 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz
         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
 
 #if defined(MBEDTLS_PEM_PARSE_C)
-    mbedtls_pem_init( &pem );
-
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( buf[buflen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
+    if( buf[buflen - 1] == '\0' ) {
+        mbedtls_pem_init( &pem );
         ret = mbedtls_pem_read_buffer( &pem,
                                "-----BEGIN CERTIFICATE REQUEST-----",
                                "-----END CERTIFICATE REQUEST-----",
                                buf, NULL, 0, &use_len );
 
-    if( ret == 0 )
-    {
-        /*
-         * Was PEM encoded, parse the result
-         */
-        ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
+        if( ret == 0 )
+            /*
+             * Was PEM encoded, parse the result
+             */
+            ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
+
         mbedtls_pem_free( &pem );
-        return( ret );
+        if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
+            return( ret );
     }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-    {
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else
 #endif /* MBEDTLS_PEM_PARSE_C */
     return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) );
 }
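Review bot: The fall-through test `if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )` reads `ret` after it may have been overwritten by `mbedtls_x509_csr_parse_der()`, so it no longer tests only the result of `mbedtls_pem_read_buffer()`. That is safe only as long as the DER parser never returns that PEM code (its definition is not visible here); if it did, a PEM body that failed to parse would be retried as raw DER on the same `csr`. The unbraced `if( ret == 0 )`, whose body is a four-line comment plus one statement, is also easy to break when a line is added. Keeping the two results on separate paths avoids both problems, at the cost of a second `mbedtls_pem_free()` call. The function starts outside the hunk.

```c
        /* … unchanged: mbedtls_pem_init() and mbedtls_pem_read_buffer() call … */

        if( ret == 0 )
        {
            /*
             * Was PEM encoded, parse the result
             */
            ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
            mbedtls_pem_free( &pem );
            return( ret );
        }

        mbedtls_pem_free( &pem );
        if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
            return( ret );
```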

From 21f73b57edf366392643fb53b545c2e566fe3ac7 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Wed, 20 Jun 2018 08:13:24 +0200
Subject: [PATCH 3/3] Coding style

Commit to be squashed
---
 library/x509_csr.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/library/x509_csr.c b/library/x509_csr.c
index 40a0f20613..779098d4e9 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -279,7 +279,8 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz
 
 #if defined(MBEDTLS_PEM_PARSE_C)
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( buf[buflen - 1] == '\0' ) {
+    if( buf[buflen - 1] == '\0' )
+    {
         mbedtls_pem_init( &pem );
         ret = mbedtls_pem_read_buffer( &pem,
                                "-----BEGIN CERTIFICATE REQUEST-----",