yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 10:05:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
3e60d2a458
mbedtls/library
History
Manuel Pégourié-Gonnard 3e60d2a458 Fix potential double free in cert writing code 
In case an entry with the given OID already exists in the list passed to
mbedtls_asn1_store_named_data() and there is not enough memory to allocate
room for the new value, the existing entry will be freed but the preceding
entry in the list will sill hold a pointer to it. (And the following entries
in the list are no longer reachable.) This results in memory leak or a double
free.

The issue is we want to leave the list in a consistent state on allocation
failure. (We could add a warning that the list is left in inconsistent state
when the function returns NULL, but behaviour changes that require more care
from the user are undesirable, especially in a stable branch.)

The chosen solution is a bit inefficient in that there is a time where both
blocks are allocated, but at least it's safe and this should trump efficiency
here: this code is only used for generating certificates, which is unlikely to
be done on very constrained devices, or to be in the critical loop of
anything. Also, the sizes involved should be fairly small anyway.

fixes #367
2015-12-10 11:24:35 +01:00
..
.gitignore Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
aes.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
aesni.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
arc4.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
asn1parse.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
asn1write.c Fix potential double free in cert writing code 2015-12-10 11:24:35 +01:00
base64.c Fix references to non-standard SIZE_T_MAX 2015-10-05 15:23:11 +01:00
bignum.c Fix two more compiler warnings 2015-12-03 19:09:23 +01:00
blowfish.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
camellia.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ccm.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
certs.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
cipher_wrap.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
cipher.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
CMakeLists.txt Changed version number to 2.1.3 2015-11-04 22:08:33 +00:00
ctr_drbg.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
debug.c Fix macroization of inline in C++ 2015-10-05 11:41:36 +01:00
des.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
dhm.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ecdh.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ecdsa.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ecp_curves.c Fix macroization of inline in C++ 2015-10-05 11:41:36 +01:00
ecp.c Optimize more common cases in ecp_muladd() 2015-10-27 10:30:36 +01:00
entropy_poll.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
entropy.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
error.c Clean up error codes 2015-09-08 11:21:21 +02:00
gcm.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
havege.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
hmac_drbg.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Makefile Fix error when loading libmbedtls.so 2015-08-10 10:17:32 +02:00
md2.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md4.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md5.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md_wrap.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
memory_buffer_alloc.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
net.c Fix compile error in net.c with musl libc 2015-10-05 12:17:49 +01:00
oid.c Fix typo in an OID name 2015-11-02 05:58:10 +09:00
padlock.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pem.c Merge of IOTSSL-476 - Random malloc in pem_read() 2015-10-05 00:26:36 +01:00
pk_wrap.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pk.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs5.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs11.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs12.c Fix stack buffer overflow in pkcs12 2015-09-28 19:47:50 +02:00
pkparse.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkwrite.c Fix other occurrences of same bounds check issue 2015-11-02 10:43:03 +09:00
platform.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ripemd160.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
rsa.c Try to prevent some misuse of RSA functions 2015-10-30 10:57:43 +01:00
sha1.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
sha256.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
sha512.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ssl_cache.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ssl_ciphersuites.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ssl_cli.c Fix warning in some reduced configs 2015-10-28 13:16:56 +01:00
ssl_cookie.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ssl_srv.c Fix potential overflow in CertificateRequest 2015-10-02 11:20:28 +02:00
ssl_ticket.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ssl_tls.c Fix other int casts in bounds checking 2015-11-02 10:43:03 +09:00
threading.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
timing.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
version_features.c Update generated file 2015-09-09 11:50:00 +02:00
version.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
x509_create.c Fix other occurrences of same bounds check issue 2015-11-02 10:43:03 +09:00
x509_crl.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
x509_crt.c Fix potential heap corruption on Windows 2015-11-02 10:41:13 +09:00
x509_csr.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
x509.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
x509write_crt.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
x509write_csr.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
xtea.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00