Fix potential double-free in ssl_set_psk() Internal ref: IOTSSL-517

commit: 9c521767760d2a3edba4e133e69b1910d79311c9 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Tue Oct 27 10:54:53 2015 +0100
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Tue Oct 27 11:47:37 2015 +0100
tree: 8c1881d3ad6cb855f6be7e7bd720c2340d242ba4
parent: ad9c68ab21c4bdd75758ffda60b9221ef7163814 [diff]
diff --git a/ChangeLog b/ChangeLog
index 3ca9268..78664d0 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 1.3.15 released 2015-10-xx
+
+Security
+   * Fix potential double free if ssl_set_psk() is called more than once and
+     some allocation fails. Cannot be forced remotely. Found by Guido Vranken,
+     Intelworks.
+
 = mbed TLS 1.3.14 released 2015-10-06
 
 Security

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7fc9d99..166b116 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -4058,6 +4058,8 @@
     {
         polarssl_free( ssl->psk );
         polarssl_free( ssl->psk_identity );
+        ssl->psk = NULL;
+        ssl->psk_identity = NULL;
     }
 
     if( ( ssl->psk = polarssl_malloc( psk_len ) ) == NULL ||
commit	9c521767760d2a3edba4e133e69b1910d79311c9	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Tue Oct 27 10:54:53 2015 +0100
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Tue Oct 27 11:47:37 2015 +0100
tree	8c1881d3ad6cb855f6be7e7bd720c2340d242ba4
parent	ad9c68ab21c4bdd75758ffda60b9221ef7163814 [diff]