From 69482f9499e0cd17befbeb4e1ab615a276106a85 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Tue, 16 May 2023 10:32:01 +0200
Subject: [PATCH 1/3] Add test to cover memory leak in authorityCertIssuer case

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 tests/suites/test_suite_x509parse.data | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 55ed0c55d5..46fa1e8f39 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -3314,3 +3314,8 @@ x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f
 X509 CRT parse Authority Key Id - Wrong Issuer Tag 2
 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
 x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+# clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer
+X509 CRT parse Authority Key Id - Wrong Issuer sequence
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"308201883082016FA0030201020209202020202020202020300D06092A864886F70D010104050030233110300E0603202020130720202020202020310F300D06032020201306202020202020301E170D3131303530383230353934385A170D3134303530373230353934385A30233110300E0603202020130720202020202020310F300D06032020201306202020202020305C300D06092A864886F70D0101010500034B003048024120202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020FF02032020FFA38185308182301D060320202004162020202020202020202020202020202020202020202030530603551D23044C304A80142020202020202020202020202020202020202020A12AA42530233110300E0603202020130720202020202020310F300D0603202020130620202020202082002020202020202020202020202020202020202020202020202020202020202020202020202020202020202020":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA

From 690ff698f72ae642de359477cc762c891ea69cc1 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Mon, 15 May 2023 09:54:02 +0200
Subject: [PATCH 2/3] mbedtls_x509_crt_free: release authorityCertIssuer
 sequence

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 library/x509_crt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6d62e4494a..5491b55bf0 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -3195,6 +3195,7 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
         mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next);
         mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next);
         mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next);
+        mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next);
 
         if (cert_cur->raw.p != NULL && cert_cur->own_buffer) {
             mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len);

From da97ad9f14c0c3652be294aa9c52cb1122598626 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Tue, 16 May 2023 13:29:56 +0200
Subject: [PATCH 3/3] Use valid MD5 dependency for test

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 tests/suites/test_suite_x509parse.data | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 46fa1e8f39..19bf51aed7 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -3317,5 +3317,5 @@ x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f
 
 # clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer
 X509 CRT parse Authority Key Id - Wrong Issuer sequence
-depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C
 x509_crt_parse_authoritykeyid:"308201883082016FA0030201020209202020202020202020300D06092A864886F70D010104050030233110300E0603202020130720202020202020310F300D06032020201306202020202020301E170D3131303530383230353934385A170D3134303530373230353934385A30233110300E0603202020130720202020202020310F300D06032020201306202020202020305C300D06092A864886F70D0101010500034B003048024120202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020FF02032020FFA38185308182301D060320202004162020202020202020202020202020202020202020202030530603551D23044C304A80142020202020202020202020202020202020202020A12AA42530233110300E0603202020130720202020202020310F300D0603202020130620202020202082002020202020202020202020202020202020202020202020202020202020202020202020202020202020202020":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA