From d7e82ad9bf96f2bca5f9468e6f0dd2cc60071823 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 1 Feb 2021 17:57:41 +0100 Subject: [PATCH] Fix mutex double-free in RSA When MBEDTLS_THREADING_C is enabled, RSA code protects the use of the key with a mutex. mbedtls_rsa_free() frees this mutex by calling mbedtls_mutex_free(). This does not match the usage of mbedtls_mutex_free(), which in general can only be done once. Signed-off-by: Gilles Peskine --- library/rsa.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 7e853b152..65b75d60f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -499,6 +499,9 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, mbedtls_rsa_set_padding( ctx, padding, hash_id ); #if defined(MBEDTLS_THREADING_C) + /* Set ctx->ver to nonzero to indicate that the mutex has been + * initialized and will need to be freed. */ + ctx->ver = 1; mbedtls_mutex_init( &ctx->mutex ); #endif } @@ -2325,7 +2328,6 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) { int ret; - dst->ver = src->ver; dst->len = src->len; MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) ); @@ -2375,7 +2377,12 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) #endif /* MBEDTLS_RSA_NO_CRT */ #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &ctx->mutex ); + /* Free the mutex, but only if it hasn't been freed already. */ + if( ctx->ver != 0 ) + { + mbedtls_mutex_free( &ctx->mutex ); + ctx->ver = 0; + } #endif }