Set next sequence of subject_alt_names to NULL

Set the next sequence of the subject_alt_name to NULL when deleting sequence on failure in `get_subject_alt_name()`. Found by Philippe Antoine. Credit to OSS-Fuzz.
2019-05-22 16:41:21 +03:00 · 2019-05-22 16:41:21 +03:00 · 5aebeeb5f4
commit 5aebeeb5f4
parent 31d1432233
2 changed files with 4 additions and 0 deletions
--- a/3
+++ b/3
@ -46,6 +46,9 @@ Bugfix
     for the parameter.
   * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl
     sni entry parameter. Reported by inestlerode in #560.
+   * Set the next sequence of the subject_alt_name to NULL when deleting
+     sequence on failure. Found and fix suggested by Philippe Antoine.
+     Credit to OSS-Fuzz.

 API Changes
   * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -681,6 +681,7 @@ static int x509_get_subject_alt_name( unsigned char **p,
                                          sizeof( mbedtls_x509_sequence ) );
                mbedtls_free( seq_prv );
            }
+            subject_alt_name->next = NULL;
            return( ret );
        }