Fix memory leak in mbedtls_x509_crl_parse()
The memory leak was caused by missing calls to mbedtls_pem_free()
when a MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was
encountered.
diff --git a/ChangeLog b/ChangeLog
index f7e00c3..121fbd5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -47,6 +47,9 @@
cause buffer bound checks to be bypassed. Found by Eyal Itkin.
* Fixed heap overreads in mbedtls_x509_get_time(). Found by Peng
Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America.
+ * Fix potential memory leak in mbedtls_x509_crl_parse(). The leak was caused
+ by missing calls to mbedtls_pem_free() in cases when a
+ MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT error was encountered.
= mbed TLS 2.4.1 branch released 2016-12-13
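Review bot: the new entry names only the MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT case, but the library/x509_crl.c change in this same patch also adds mbedtls_pem_free( &pem ) before the return on the mbedtls_x509_crl_parse_der() failure path. Suggest widening the wording to cover both error paths, so that readers of the ChangeLog can tell that a PEM-wrapped CRL whose DER body fails to parse was also affected. As a style point, the neighbouring entry reads "Fixed heap overreads ..." while this one starts with "Fix"; matching the tense would keep the section consistent.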
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 5b0adef..76c49f1 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -525,16 +525,17 @@
if( ( ret = mbedtls_x509_crl_parse_der( chain,
pem.buf, pem.buflen ) ) != 0 )
{
+ mbedtls_pem_free( &pem );
return( ret );
}
-
- mbedtls_pem_free( &pem );
}
else if( is_pem )
{
mbedtls_pem_free( &pem );
return( ret );
}
+
+ mbedtls_pem_free( &pem );
}
/* In the PEM case, buflen is 1 at the end, for the terminated NULL byte.
* And a valid CRL cannot be less than 1 byte anyway. */
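Review bot: the unconditional mbedtls_pem_free( &pem ) added at the end of the block now also runs when the PEM read did not succeed, so it relies on pem having been initialised on every path that reaches it; that initialisation is outside this hunk and is worth confirming before merging. After this change there are three separate free sites (the mbedtls_x509_crl_parse_der() failure return, the else if( is_pem ) return, and the end of the block), so a single cleanup label that every exit jumps to would make it harder for a later early return to reintroduce the leak. The patch as shown touches only ChangeLog and library/x509_crl.c; a regression test that runs mbedtls_x509_crl_parse() on input without the PEM header/footer, and on PEM input whose DER body is rejected, under a leak checker would keep both paths covered.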