Merge pull request #980 from Mbed-TLS/mbedtls-3.3.0rc1-pr

Mbedtls 3.3.0rc1 pr - Correct PKCS 7 memory leak fix
2022-12-13 19:25:58 +00:00 · 2022-12-13 19:25:58 +00:00 · 70f8157ec5
commit 70f8157ec5
parent 2b52a2e412 f7641544ea
2 changed files with 24 additions and 23 deletions
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@ -253,6 +253,24 @@ static int pkcs7_get_signature( unsigned char **p, unsigned char *end,
    return( 0 );
 }

+static void pkcs7_free_signer_info( mbedtls_pkcs7_signer_info *signer )
+{
+    mbedtls_x509_name *name_cur;
+    mbedtls_x509_name *name_prv;
+
+    if( signer == NULL )
+        return;
+
+    name_cur = signer->issuer.next;
+    while( name_cur != NULL )
+    {
+        name_prv = name_cur;
+        name_cur = name_cur->next;
+        mbedtls_free( name_prv );
+    }
+    signer->issuer.next = NULL;
+}
+
 /**
 * SignerInfo ::= SEQUENCE {
 *      version Version;
@ -329,33 +347,16 @@ static int pkcs7_get_signer_info( unsigned char **p, unsigned char *end,
        ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO;

 out:
-    if( asn1_ret != 0 )
+    if( asn1_ret != 0 || ret != 0 )
+    {
+        pkcs7_free_signer_info( signer );
        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,
                                    asn1_ret );
-    else if( ret != 0 )
-        ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO;
+    }

    return( ret );
 }

-static void pkcs7_free_signer_info( mbedtls_pkcs7_signer_info *signer )
-{
-    mbedtls_x509_name *name_cur;
-    mbedtls_x509_name *name_prv;
-
-    if( signer == NULL )
-        return;
-
-    name_cur = signer->issuer.next;
-    while( name_cur != NULL )
-    {
-        name_prv = name_cur;
-        name_cur = name_cur->next;
-        mbedtls_free( name_prv );
-    }
-    signer->issuer.next = NULL;
-}
-
 /**
 * SignerInfos ::= SET of SignerInfo
 * Return number of signers added to the signed data,
@ -387,7 +388,7 @@ static int pkcs7_get_signers_info_set( unsigned char **p, unsigned char *end,

    ret = pkcs7_get_signer_info( p, end_set, signers_set );
    if( ret != 0 )
-        goto cleanup;
+        return( ret );
    count++;

    mbedtls_pkcs7_signer_info *prev = signers_set;
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@ -68,7 +68,7 @@ pkcs7_parse:"data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-62139

 pkcs7_get_signers_info_set error handling (4541044530479104)
 depends_on:MBEDTLS_RIPEMD160_C
-pkcs7_parse:"data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+pkcs7_parse:"data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO

 PKCS7 Only Signed Data Parse Pass #15
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C