Fix runtime error in cert_write & cert_req

The runtime error was introduced two commits ago (while avoiding a
use-after-free). Now the programs run cleanly but still leak memory.

The memory leak is long pre-existing and larger than just DN components
(which are made temporarily slightly worse by this commit) and will be
fixed properly in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Manuel Pégourié-Gonnard 2025-05-05 17:09:14 +02:00
parent acdcb7fcd1
commit 4dd52b7cfe
2 changed files with 18 additions and 8 deletions


@ -150,7 +150,6 @@ int main(int argc, char *argv[])
mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "csr example app"; const char *pers = "csr example app";
mbedtls_x509_san_list *cur, *prev; mbedtls_x509_san_list *cur, *prev;
mbedtls_asn1_named_data *ext_san_dirname = NULL;
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
uint8_t ip[4] = { 0 }; uint8_t ip[4] = { 0 };
#endif #endif
@ -274,7 +273,12 @@ usage:
cur->node.san.unstructured_name.len = sizeof(ip); cur->node.san.unstructured_name.len = sizeof(ip);
} else if (strcmp(q, "DN") == 0) { } else if (strcmp(q, "DN") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, /* Work around an API mismatch between string_to_names() and
* mbedtls_x509_subject_alternative_name, which holds an
* actual mbedtls_x509_name while a pointer to one would be
* more convenient here. */
mbedtls_asn1_named_data *tmp_san_dirname = NULL;
if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname,
subtype_value)) != 0) { subtype_value)) != 0) {
mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf( mbedtls_printf(
@ -283,7 +287,9 @@ usage:
(unsigned int) -ret, buf); (unsigned int) -ret, buf);
goto exit; goto exit;
} }
cur->node.san.directory_name = *ext_san_dirname; cur->node.san.directory_name = *tmp_san_dirname;
mbedtls_free(tmp_san_dirname);
tmp_san_dirname = NULL;
} else { } else {
mbedtls_free(cur); mbedtls_free(cur);
goto usage; goto usage;
@ -492,7 +498,6 @@ exit:
} }
mbedtls_x509write_csr_free(&req); mbedtls_x509write_csr_free(&req);
mbedtls_asn1_free_named_data_list(&ext_san_dirname);
mbedtls_pk_free(&key); mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy); mbedtls_entropy_free(&entropy);
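Review bot: In the "DN" branch, `cur->node.san.directory_name = *tmp_san_dirname;` followed by `mbedtls_free(tmp_san_dirname);` releases only the head node's allocation, so the head's OID/value buffers and every node reachable through `next` are now owned solely by the SAN list entry, and that ownership is not written down anywhere. With `mbedtls_asn1_free_named_data_list(&ext_san_dirname)` dropped from the `exit:` path, nothing visible in this diff releases them; the commit message defers that, but the work-around comment should say so, for example by adding `* After the struct copy, cur->node.san.directory_name owns the buffers and the next chain; only the head container is freed here.` The later cleanup will also have to treat the head as embedded rather than heap-allocated, freeing its buffers and the `next` chain but never the head itself. The same applies to the identical hunk in the second file section (the "crt example app" file). The body of `main` starts and ends outside these hunks.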


@ -312,7 +312,6 @@ int main(int argc, char *argv[])
mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "crt example app"; const char *pers = "crt example app";
mbedtls_x509_san_list *cur, *prev; mbedtls_x509_san_list *cur, *prev;
mbedtls_asn1_named_data *ext_san_dirname = NULL;
uint8_t ip[4] = { 0 }; uint8_t ip[4] = { 0 };
/* /*
* Set to sane values * Set to sane values
@ -595,7 +594,12 @@ usage:
cur->node.san.unstructured_name.len = sizeof(ip); cur->node.san.unstructured_name.len = sizeof(ip);
} else if (strcmp(q, "DN") == 0) { } else if (strcmp(q, "DN") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, /* Work around an API mismatch between string_to_names() and
* mbedtls_x509_subject_alternative_name, which holds an
* actual mbedtls_x509_name while a pointer to one would be
* more convenient here. */
mbedtls_asn1_named_data *tmp_san_dirname = NULL;
if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname,
subtype_value)) != 0) { subtype_value)) != 0) {
mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf( mbedtls_printf(
@ -604,7 +608,9 @@ usage:
(unsigned int) -ret, buf); (unsigned int) -ret, buf);
goto exit; goto exit;
} }
cur->node.san.directory_name = *ext_san_dirname; cur->node.san.directory_name = *tmp_san_dirname;
mbedtls_free(tmp_san_dirname);
tmp_san_dirname = NULL;
} else { } else {
mbedtls_free(cur); mbedtls_free(cur);
goto usage; goto usage;
@ -998,7 +1004,6 @@ exit:
#if defined(MBEDTLS_X509_CSR_PARSE_C) #if defined(MBEDTLS_X509_CSR_PARSE_C)
mbedtls_x509_csr_free(&csr); mbedtls_x509_csr_free(&csr);
#endif /* MBEDTLS_X509_CSR_PARSE_C */ #endif /* MBEDTLS_X509_CSR_PARSE_C */
mbedtls_asn1_free_named_data_list(&ext_san_dirname);
mbedtls_x509_crt_free(&issuer_crt); mbedtls_x509_crt_free(&issuer_crt);
mbedtls_x509write_crt_free(&crt); mbedtls_x509write_crt_free(&crt);
mbedtls_pk_free(&loaded_subject_key); mbedtls_pk_free(&loaded_subject_key);