Fix for memory leak in RSA-SSA signing

Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c. Resolves github issue #372
2024-11-26 00:05:36 +01:00 · 2016-01-02 00:03:39 +00:00 · 2016-01-02 00:03:39 +00:00 · 7d3f3a8ac8
commit 7d3f3a8ac8
parent a192c8f5d8
2 changed files with 10 additions and 2 deletions
--- a/2
+++ b/2
@ -7,6 +7,8 @@ Bugfix
   * Fix bug in certificate validation that caused valid chains to be rejected
     when the first intermediate certificate has pathLenConstraint=0. Found by
     Nicholas Wilson. Introduced in mbed TLS 1.3.15. #280
+   * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign(), found by
+     JayaraghavendranK. #372

 = mbed TLS 1.3.15 released 2015-11-04

--- a/library/rsa.c
+++ b/library/rsa.c
@ -1082,10 +1082,16 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx,
     * temporary buffer and check it before returning it.
     */
    sig_try = polarssl_malloc( ctx->len );
-    verif   = polarssl_malloc( ctx->len );
-    if( sig_try == NULL || verif == NULL )
+    if( sig_try == NULL )
        return( POLARSSL_ERR_MPI_MALLOC_FAILED );

+    verif   = polarssl_malloc( ctx->len );
+    if( verif == NULL )
+    {
+        polarssl_free( sig_try );
+        return( POLARSSL_ERR_MPI_MALLOC_FAILED );
+    }
+
    MPI_CHK( rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
    MPI_CHK( rsa_public( ctx, sig_try, verif ) );