mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-28 19:21:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add missing deallocation of subject alt name

Browse Source 
Since mbedtls_x509_get_name allocates memory
when parsing a directoryName, deallocation
has to be performed if anything fails in the
meantime.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2023-02-27 16:03:41 -05:00
parent 532b8d41af
commit 5f0c6e82fb
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/mbedtls/x509.h
View File

@ -379,8 +379,10 @@ int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
/** /**
* \brief This function parses an item in the SubjectAlternativeNames * \brief This function parses an item in the SubjectAlternativeNames
* extension. Please note that mbedtls_x509_free_subject_alt_name * extension. Please note that this function might allocate
* has to be called to dispose of the structure afterwards. * additional memory for a subject alternative name, thus
* mbedtls_x509_free_subject_alt_name has to be called
* to dispose of the structure afterwards.
* *
* \param san_buf The buffer holding the raw data item of the subject * \param san_buf The buffer holding the raw data item of the subject
* alternative name. * alternative name.

7
library/x509.c
View File

@ -1590,10 +1590,15 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
case MBEDTLS_X509_SAN_DIRECTORY_NAME: case MBEDTLS_X509_SAN_DIRECTORY_NAME:
{ {
ret = mbedtls_snprintf(p, n, "\n%s directoryName : ", prefix); ret = mbedtls_snprintf(p, n, "\n%s directoryName : ", prefix);
if (ret < 0 || (size_t) ret >= n) {
mbedtls_x509_free_subject_alt_name(&san);
}
MBEDTLS_X509_SAFE_SNPRINTF; MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_dn_gets(p, n, &san.san.directory_name); ret = mbedtls_x509_dn_gets(p, n, &san.san.directory_name);
if (ret < 0) { if (ret < 0) {
mbedtls_x509_free_subject_alt_name(&san);
return ret; return ret;
} }
@ -1611,7 +1616,7 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
} }
/* So far memory is freed only in the case of directoryName /* So far memory is freed only in the case of directoryName
* parsing succeeding, as mbedtls_x509_dn_gets allocates memory. */ * parsing succeeding, as mbedtls_x509_get_name allocates memory. */
mbedtls_x509_free_subject_alt_name(&san); mbedtls_x509_free_subject_alt_name(&san);
cur = cur->next; cur = cur->next;
} }