Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 4632083c78c29024351b35cb5e310a8ffd89de25^! / .
commit4632083c78c29024351b35cb5e310a8ffd89de25[log] [tgz]
authorPaul Bakker <p.j.bakker@polarssl.org>Wed Jul 03 14:01:52 2013 +0200
committerPaul Bakker <p.j.bakker@polarssl.org>Wed Jul 03 17:22:31 2013 +0200
treebe559cba5d8b5e3a4a7cb51c0a55999a70cf368b
parente07c431eb31faf03c689c181301a86e865b4709c [diff]
Removed memory leaks in PKCS#5 functions

diff --git a/library/pkcs5.c b/library/pkcs5.c
index 7a30d78..9e3ce93 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c

@@ -120,6 +120,9 @@
     p = pbe_params->p;
     end = p + pbe_params->len;
 
+    memset( &md_ctx, 0, sizeof(md_context_t) );
+    memset( &cipher_ctx, 0, sizeof(cipher_context_t) );
+
     /*
      *  PBES2-params ::= SEQUENCE {
      *    keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
@@ -170,33 +173,37 @@
     memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
 
     if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
-        return( ret );
-
-    if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
-        return( ret );
+        goto exit;
 
     if ( ( ret = pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
                                     iterations, keylen, key ) ) != 0 )
     {
-        return( ret );
+        goto exit;
     }
 
+    if( ( ret = cipher_init_ctx( &cipher_ctx, cipher_info ) ) != 0 )
+        goto exit;
+
     if( ( ret = cipher_setkey( &cipher_ctx, key, keylen, mode ) ) != 0 )
-        return( ret );
+        goto exit;
 
     if( ( ret = cipher_reset( &cipher_ctx, iv ) ) != 0 )
-        return( ret );
+        goto exit;
 
     if( ( ret = cipher_update( &cipher_ctx, data, datalen,
                                 output, &olen ) ) != 0 )
     {
-        return( ret );
+        goto exit;
     }
 
     if( ( ret = cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
-        return( POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH );
+        ret = POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH;
 
-    return( 0 );
+exit:
+    md_free_ctx( &md_ctx );
+    cipher_free_ctx( &cipher_ctx );
+
+    return( ret );
 }
 
 int pkcs5_pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,
@@ -366,7 +373,8 @@
 
     printf( "\n" );
 
-    md_free_ctx( &sha1_ctx );
+    if( ( ret = md_free_ctx( &sha1_ctx ) ) != 0 )
+        return( 1 );
 
     return( 0 );
 }