Fix runtime error in cert_write & cert_req
The runtime error was introduced two commits ago (while avoiding a
use-after-free). Now the programs run cleanly but still leak memory.
The memory leak is long pre-existing and larger than just DN components
(which are made temporarily slightly worse by this commit) and will be
fixed properly in the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 995ee49..c399021 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -150,7 +150,6 @@
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "csr example app";
mbedtls_x509_san_list *cur, *prev;
- mbedtls_asn1_named_data *ext_san_dirname = NULL;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
uint8_t ip[4] = { 0 };
#endif
@@ -274,7 +273,12 @@
cur->node.san.unstructured_name.len = sizeof(ip);
} else if (strcmp(q, "DN") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
- if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname,
+ /* Work around an API mismatch between string_to_names() and
+ * mbedtls_x509_subject_alternative_name, which holds an
+ * actual mbedtls_x509_name while a pointer to one would be
+ * more convenient here. */
+ mbedtls_asn1_named_data *tmp_san_dirname = NULL;
+ if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname,
subtype_value)) != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(
@@ -283,7 +287,9 @@
(unsigned int) -ret, buf);
goto exit;
}
- cur->node.san.directory_name = *ext_san_dirname;
+ cur->node.san.directory_name = *tmp_san_dirname;
+ mbedtls_free(tmp_san_dirname);
+ tmp_san_dirname = NULL;
} else {
mbedtls_free(cur);
goto usage;
@@ -492,7 +498,6 @@
}
mbedtls_x509write_csr_free(&req);
- mbedtls_asn1_free_named_data_list(&ext_san_dirname);
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);