Add missing deallocation of subject alt name
Since mbedtls_x509_get_name allocates memory
when parsing a directoryName, deallocation
has to be performed if anything fails in the
meantime.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 73730dc..0cb8aa0 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -379,8 +379,10 @@
/**
* \brief This function parses an item in the SubjectAlternativeNames
- * extension. Please note that mbedtls_x509_free_subject_alt_name
- * has to be called to dispose of the structure afterwards.
+ * extension. Please note that this function might allocate
+ * additional memory for a subject alternative name, thus
+ * mbedtls_x509_free_subject_alt_name has to be called
+ * to dispose of the structure afterwards.
*
* \param san_buf The buffer holding the raw data item of the subject
* alternative name.
diff --git a/library/x509.c b/library/x509.c
index 4b4e1b6..c9524c9 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1590,10 +1590,15 @@
case MBEDTLS_X509_SAN_DIRECTORY_NAME:
{
ret = mbedtls_snprintf(p, n, "\n%s directoryName : ", prefix);
+ if (ret < 0 || (size_t) ret >= n) {
+ mbedtls_x509_free_subject_alt_name(&san);
+ }
+
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_dn_gets(p, n, &san.san.directory_name);
if (ret < 0) {
+ mbedtls_x509_free_subject_alt_name(&san);
return ret;
}
@@ -1611,7 +1616,7 @@
}
/* So far memory is freed only in the case of directoryName
- * parsing succeeding, as mbedtls_x509_dn_gets allocates memory. */
+ * parsing succeeding, as mbedtls_x509_get_name allocates memory. */
mbedtls_x509_free_subject_alt_name(&san);
cur = cur->next;
}