Fix for memory leak in RSA-SSA signing
Fix in mbedtls_rsa_rsassa_pkcs1_v15_sign() in rsa.c
This commit is contained in:
parent
c4a6ce6a4c
commit
1285ab5dc2
2 changed files with 11 additions and 3 deletions
|
@ -13,8 +13,10 @@ Bugfix
|
|||
* Fix bug in certificate validation that caused valid chains to be rejected
|
||||
when the first intermediate certificate has pathLenConstraint=0. Found by
|
||||
Nicholas Wilson. Introduced in mbed TLS 2.2.0. #280
|
||||
* Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign(), found by
|
||||
JayaraghavendranK. #372
|
||||
|
||||
Changes
|
||||
Change
|
||||
* To avoid dropping an entire DTLS datagram if a single record in a datagram
|
||||
is invalid, we now only drop the record and look at subsequent records (if
|
||||
any are presemt) in the same datagram to avoid interoperability issues.
|
||||
|
|
|
@ -1086,10 +1086,16 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
|||
* temporary buffer and check it before returning it.
|
||||
*/
|
||||
sig_try = mbedtls_calloc( 1, ctx->len );
|
||||
verif = mbedtls_calloc( 1, ctx->len );
|
||||
if( sig_try == NULL || verif == NULL )
|
||||
if( sig_try == NULL )
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
|
||||
verif = mbedtls_calloc( 1, ctx->len );
|
||||
if( verif == NULL )
|
||||
{
|
||||
mbedtls_free( sig_try );
|
||||
return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
|
||||
}
|
||||
|
||||
MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
|
||||
|
||||
|
|
Loading…
Reference in a new issue