cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-24 05:00:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix memory leak in cert_write & cert_req

Browse Source 
That memory leak had been present ever since the san command-line
argument has been added.

Tested that the following invocation is now fully valgrind clean:

programs/x509/cert_write san=DN:C=NL,CN=#0000,CN=foo;DN:CN=#0000,O=foo,OU=bar,C=UK;IP:1.2.3.4;IP:4.3.2.1;URI:http\\://example.org/;URI:foo;DNS:foo.example.org;DNS:bar.example.org

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2025-05-05 17:31:35 +02:00
parent 6b1147993c
commit b095862722
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
programs/x509/cert_req.c
View File

@ -495,6 +495,23 @@ exit:
#endif #endif
} }
cur = opt.san_list;
while (cur != NULL) {
mbedtls_x509_san_list *next = cur->next;
/* Note: mbedtls_x509_free_subject_alt_name() is not what we want here.
* It's the right thing for entries that were parsed from a certificate,
* where pointers are to the raw certificate, but here all the
* pointers were allocated while parsing from a user-provided string. */
if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) {
mbedtls_x509_name dn = cur->node.san.directory_name;
mbedtls_free(dn.oid.p);
mbedtls_free(dn.val.p);
mbedtls_asn1_free_named_data_list(&dn.next);
}
mbedtls_free(cur);
cur = next;
}
mbedtls_x509write_csr_free(&req); mbedtls_x509write_csr_free(&req);
mbedtls_pk_free(&key); mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ctr_drbg_free(&ctr_drbg);

17
programs/x509/cert_write.c
View File

@ -997,6 +997,23 @@ usage:
exit_code = MBEDTLS_EXIT_SUCCESS; exit_code = MBEDTLS_EXIT_SUCCESS;
exit: exit:
cur = opt.san_list;
while (cur != NULL) {
mbedtls_x509_san_list *next = cur->next;
/* Note: mbedtls_x509_free_subject_alt_name() is not what we want here.
* It's the right thing for entries that were parsed from a certificate,
* where pointers are to the raw certificate, but here all the
* pointers were allocated while parsing from a user-provided string. */
if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) {
mbedtls_x509_name dn = cur->node.san.directory_name;
mbedtls_free(dn.oid.p);
mbedtls_free(dn.val.p);
mbedtls_asn1_free_named_data_list(&dn.next);
}
mbedtls_free(cur);
cur = next;
}
#if defined(MBEDTLS_X509_CSR_PARSE_C) #if defined(MBEDTLS_X509_CSR_PARSE_C)
mbedtls_x509_csr_free(&csr); mbedtls_x509_csr_free(&csr);
#endif /* MBEDTLS_X509_CSR_PARSE_C */ #endif /* MBEDTLS_X509_CSR_PARSE_C */