mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-29 03:32:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add MBEDTLS_ASN1_CHK_CLEANUP_ADD macro to be able to release memory on failure

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-02-24 14:03:30 +01:00
parent 5a49d3cce3
commit 57207711d8
2 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/mbedtls/asn1write.h
View File

@ -35,6 +35,15 @@
(g) += ret; \ (g) += ret; \
} while (0) } while (0)
#define MBEDTLS_ASN1_CHK_CLEANUP_ADD(g, f) \
do \
{ \
if ((ret = (f)) < 0) \
goto cleanup; \
else \
(g) += ret; \
} while (0)
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif

35
library/x509write_csr.c
View File

@ -99,7 +99,7 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct
/* Determine the maximum size of the SubjectAltName list */ /* Determine the maximum size of the SubjectAltName list */
while (cur != NULL) { while (cur != NULL) {
/* Calculate size of the required buffer */ /* Calculate size of the required buffer */
switch(cur->node.type) { switch (cur->node.type) {
case MBEDTLS_X509_SAN_DNS_NAME: case MBEDTLS_X509_SAN_DNS_NAME:
case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
case MBEDTLS_X509_SAN_IP_ADDRESS: case MBEDTLS_X509_SAN_IP_ADDRESS:
@ -139,15 +139,20 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct
case MBEDTLS_X509_SAN_DNS_NAME: case MBEDTLS_X509_SAN_DNS_NAME:
case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
case MBEDTLS_X509_SAN_IP_ADDRESS: case MBEDTLS_X509_SAN_IP_ADDRESS:
MBEDTLS_ASN1_CHK_ADD(len, MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
mbedtls_asn1_write_raw_buffer(&p, buf, mbedtls_asn1_write_raw_buffer(&p, buf,
(const unsigned char *) cur->node.san.unstructured_name.p, (const unsigned char *)
cur->node.san.unstructured_name.len)); cur->node.san.
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, cur->node.san.unstructured_name.len)); unstructured_name.p,
MBEDTLS_ASN1_CHK_ADD(len, cur->node.san.
mbedtls_asn1_write_tag(&p, buf, unstructured_name.len));
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf,
cur->node.type)); cur->node.san.
unstructured_name.len));
MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
mbedtls_asn1_write_tag(&p, buf,
MBEDTLS_ASN1_CONTEXT_SPECIFIC |
cur->node.type));
break; break;
default: default:
/* Skip unsupported names. */ /* Skip unsupported names. */
@ -156,10 +161,11 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct
cur = cur->next; cur = cur->next;
} }
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
MBEDTLS_ASN1_CHK_ADD(len, MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
mbedtls_asn1_write_tag(&p, buf, mbedtls_asn1_write_tag(&p, buf,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE));
ret = mbedtls_x509write_csr_set_extension( ret = mbedtls_x509write_csr_set_extension(
ctx, ctx,
@ -169,6 +175,7 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct
buf + buflen - len, buf + buflen - len,
len); len);
cleanup:
mbedtls_free(buf); mbedtls_free(buf);
return ret; return ret;
} }