Merge branch 'iotssl-517-double-free-restricted' into development-restricted

* iotssl-517-double-free-restricted:
  Fix potential double-free in ssl_conf_psk()
diff --git a/ChangeLog b/ChangeLog
index 290f775..8a25860 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
 = mbed TLS 2.2.0 released 2015-10-xx
 
 Security
+   * Fix potential double free if mbedtls_ssl_conf_psk() is called more than
+     once and some allocation fails. Cannot be forced remotely. Found by Guido
+     Vranken, Intelworks.
    * The X509 max_pathlen constraint was not enforced on intermediate
      certificates. Found by Nicholas Wilson, fix and tests provided by
      Janos Follath. #280 and #319
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4577849..8969b4b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5772,6 +5772,8 @@
     {
         mbedtls_free( conf->psk );
         mbedtls_free( conf->psk_identity );
+        conf->psk = NULL;
+        conf->psk_identity = NULL;
     }
 
     if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ||
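Review bot: The old key in `conf->psk` is released with `mbedtls_free()` without being wiped first, so the previous PSK bytes stay in freed heap memory, and the added lines reset the two pointers but not the lengths that go with them. Before the two frees I would add `if( conf->psk != NULL ) mbedtls_zeroize( conf->psk, conf->psk_len );` (or whichever zeroize helper this file provides), and after the new NULL assignments `conf->psk_len = 0; conf->psk_identity_len = 0;`, so that a failed allocation cannot leave a NULL pointer paired with a stale non-zero length. The condition that opens this block and the allocation-failure path both lie outside the hunk, so whether that path already clears the lengths cannot be confirmed from here.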