Merge branch 'mbedtls-2.1'

Merge of fix for memory leak in RSA-SSA signing - #372
This commit is contained in:
Simon Butcher 2016-01-01 23:37:07 +00:00
commit 28b35c02f7
2 changed files with 11 additions and 3 deletions

View File

@ -14,8 +14,10 @@ Bugfix
* Fix bug in certificate validation that caused valid chains to be rejected
when the first intermediate certificate has pathLenConstraint=0. Found by
Nicholas Wilson. Introduced in mbed TLS 2.1.4. #280
* Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign(), found by
JayaraghavendranK. #372
Changes
Change
* To avoid dropping an entire DTLS datagram if a single record in a datagram
is invalid, we now only drop the record and look at subsequent records (if
any are present) in the same datagram to avoid interoperability issues.

View File

@ -1086,10 +1086,16 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
* temporary buffer and check it before returning it.
*/
sig_try = mbedtls_calloc( 1, ctx->len );
verif = mbedtls_calloc( 1, ctx->len );
if( sig_try == NULL || verif == NULL )
if( sig_try == NULL )
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
verif = mbedtls_calloc( 1, ctx->len );
if( verif == NULL )
{
mbedtls_free( sig_try );
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
}
MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );