Skip to content

Commit 70f8157

Browse files
daverodgmandaverodgman
authored
Merge pull request #980 from Mbed-TLS/mbedtls-3.3.0rc1-pr
Mbedtls 3.3.0rc1 pr - Correct PKCS 7 memory leak fix
2 parents 2b52a2e + f764154 commit 70f8157

File tree

2 files changed

+24
-23
lines changed

2 files changed

+24
-23
lines changed

library/pkcs7.c

Lines changed: 23 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -253,6 +253,24 @@ static int pkcs7_get_signature( unsigned char **p, unsigned char *end,
253253
return( 0 );
254254
}
255255

256+
static void pkcs7_free_signer_info( mbedtls_pkcs7_signer_info *signer )
257+
{
258+
mbedtls_x509_name *name_cur;
259+
mbedtls_x509_name *name_prv;
260+
261+
if( signer == NULL )
262+
return;
263+
264+
name_cur = signer->issuer.next;
265+
while( name_cur != NULL )
266+
{
267+
name_prv = name_cur;
268+
name_cur = name_cur->next;
269+
mbedtls_free( name_prv );
270+
}
271+
signer->issuer.next = NULL;
272+
}
273+
256274
/**
257275
* SignerInfo ::= SEQUENCE {
258276
* version Version;
@@ -329,33 +347,16 @@ static int pkcs7_get_signer_info( unsigned char **p, unsigned char *end,
329347
ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO;
330348

331349
out:
332-
if( asn1_ret != 0 )
350+
if( asn1_ret != 0 || ret != 0 )
351+
{
352+
pkcs7_free_signer_info( signer );
333353
ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,
334354
asn1_ret );
335-
else if( ret != 0 )
336-
ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO;
355+
}
337356

338357
return( ret );
339358
}
340359

341-
static void pkcs7_free_signer_info( mbedtls_pkcs7_signer_info *signer )
342-
{
343-
mbedtls_x509_name *name_cur;
344-
mbedtls_x509_name *name_prv;
345-
346-
if( signer == NULL )
347-
return;
348-
349-
name_cur = signer->issuer.next;
350-
while( name_cur != NULL )
351-
{
352-
name_prv = name_cur;
353-
name_cur = name_cur->next;
354-
mbedtls_free( name_prv );
355-
}
356-
signer->issuer.next = NULL;
357-
}
358-
359360
/**
360361
* SignerInfos ::= SET of SignerInfo
361362
* Return number of signers added to the signed data,
@@ -387,7 +388,7 @@ static int pkcs7_get_signers_info_set( unsigned char **p, unsigned char *end,
387388

388389
ret = pkcs7_get_signer_info( p, end_set, signers_set );
389390
if( ret != 0 )
390-
goto cleanup;
391+
return( ret );
391392
count++;
392393

393394
mbedtls_pkcs7_signer_info *prev = signers_set;

tests/suites/test_suite_pkcs7.data

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ pkcs7_parse:"data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-62139
6868

6969
pkcs7_get_signers_info_set error handling (4541044530479104)
7070
depends_on:MBEDTLS_RIPEMD160_C
71-
pkcs7_parse:"data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
71+
pkcs7_parse:"data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
7272

7373
PKCS7 Only Signed Data Parse Pass #15
7474
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C

0 commit comments

Comments
 (0)