Fix potential double-free in ssl_set_psk()

Internal ref: IOTSSL-517
2024-11-22 16:25:43 +01:00 · 2015-10-27 10:54:53 +01:00 · 2015-10-27 10:54:53 +01:00 · 9c52176776
commit 9c52176776
parent ad9c68ab21
2 changed files with 9 additions and 0 deletions
--- a/7
+++ b/7
@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)

+= mbed TLS 1.3.15 released 2015-10-xx
+
+Security
+   * Fix potential double free if ssl_set_psk() is called more than once and
+     some allocation fails. Cannot be forced remotely. Found by Guido Vranken,
+     Intelworks.
+
 = mbed TLS 1.3.14 released 2015-10-06

 Security
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4058,6 +4058,8 @@ int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
    {
        polarssl_free( ssl->psk );
        polarssl_free( ssl->psk_identity );
+        ssl->psk = NULL;
+        ssl->psk_identity = NULL;
    }

    if( ( ssl->psk = polarssl_malloc( psk_len ) ) == NULL ||