From 5708dcb36882a1e91f1f8f657e3355bc42b18988 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 8 Dec 2016 17:19:21 +0000 Subject: [PATCH] Fix memory leak in mbedtls_x509_crl_parse() The memory leak call was caused by missing calls to mbedtls_pem_free() when a MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. --- ChangeLog | 3 +++ library/x509_crl.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1443bcb6e..e77053150 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,9 @@ Bugfix cause buffer bound checks to be bypassed. Found by Eyal Itkin. * Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America. + * Fix potential memory leak in mbedtls_x509_crl_parse(). The leak was caused + by missing calls to mbedtls_pem_free() in cases when a + MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/x509_crl.c b/library/x509_crl.c index 5b0adeffc..76c49f135 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -525,16 +525,17 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s if( ( ret = mbedtls_x509_crl_parse_der( chain, pem.buf, pem.buflen ) ) != 0 ) { + mbedtls_pem_free( &pem ); return( ret ); } - - mbedtls_pem_free( &pem ); } else if( is_pem ) { mbedtls_pem_free( &pem ); return( ret ); } + + mbedtls_pem_free( &pem ); } /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte. * And a valid CRL cannot be less than 1 byte anyway. */
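Review bot: The loop body in library/x509_crl.c now has to release `pem` on three separate exits (the `return( ret );` after mbedtls_x509_crl_parse_der() fails, the `else if( is_pem )` return, and the end of the iteration), and nothing in the code states that requirement, which is presumably how the leak crept in. A comment above the final call, such as `/* Every exit from this iteration must call mbedtls_pem_free( &pem ). */`, would make the invariant visible to whoever adds the next early return. The free added before the first `return( ret );` also covers a failing mbedtls_x509_crl_parse_der() call, a path that neither the commit message nor the ChangeLog entry mentions; both name only MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT. The diffstat lists only ChangeLog and library/x509_crl.c, so no regression test accompanies the fix; a malformed-CRL case run under a leak checker would pin both paths. The loop and the enclosing function start and end outside the hunk.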