Fix potential double-free in ssl_conf_psk()

commit: 173c79072289641cc9efa4456212c16bc7aaa1ca [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Tue Oct 20 19:56:45 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Tue Oct 20 19:56:45 2015 +0200
tree: 9c1724f6563c653a0710cc66795073004a09bbac
parent: c8cd2c6577e0b8b7641d279c76607b5c166e9a37 [diff]
diff --git a/ChangeLog b/ChangeLog
index aa96b18..0b6c20d 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 2.2.0 released 2015-10-xx
+
+Security
+   * Fix potential double free if mbedtls_ssl_conf_psk() is called more than
+     once and some allocation fails. Cannot be forced remotely. Found by Guido
+     Vranken, Intelworks.
+
 = mbed TLS 2.1.2 released 2015-10-06
 
 Security

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9142be8..991be17 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -5701,6 +5701,8 @@
     {
         mbedtls_free( conf->psk );
         mbedtls_free( conf->psk_identity );
+        conf->psk = NULL;
+        conf->psk_identity = NULL;
     }
 
     if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ||
commit	173c79072289641cc9efa4456212c16bc7aaa1ca	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Tue Oct 20 19:56:45 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Tue Oct 20 19:56:45 2015 +0200
tree	9c1724f6563c653a0710cc66795073004a09bbac
parent	c8cd2c6577e0b8b7641d279c76607b5c166e9a37 [diff]