From ffb81807336a194eefbbac2f5d60f9c1f9df6a0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Oct 2015 19:56:45 +0200 Subject: [PATCH] Fix potential double-free in ssl_conf_psk() --- ChangeLog | 3 +++ library/ssl_tls.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index c6f8a7ede..ac33f5bf9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.1.3 released 2015-10-xx Security + * Fix potential double free if mbedtls_ssl_conf_psk() is called more than + once and some allocation fails. Cannot be forced remotely. Found by Guido + Vranken, Intelworks. * The X509 max_pathlen constraint was not enforced on intermediate certificates. Found by Nicholas Wilson, fix and tests provided by Janos Follath. #280 and #319 diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bc1783375..379cce135 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5725,6 +5725,8 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, { mbedtls_free( conf->psk ); mbedtls_free( conf->psk_identity ); + conf->psk = NULL; + conf->psk_identity = NULL; } if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ||