commit 70f8157ec5b6d1904f5e88c36c484cc8429a0692
author Dave Rodgman <dave.rodgman@arm.com> Tue Dec 13 19:25:58 2022 +0000
committer GitHub <noreply@github.com> Tue Dec 13 19:25:58 2022 +0000
tree 7e26651b48b34e04ed1dc84a621e8d1a3b0cf02e
parent 2b52a2e412abee9b7933927e6581527ca4a770b5
parent f7641544eafeaf0c71d109fbbec1d9f8aa2e74d8

Merge pull request #980 from Mbed-TLS/mbedtls-3.3.0rc1-pr

Mbedtls 3.3.0rc1 pr - Correct PKCS 7 memory leak fix

library/pkcs7.c

diff --git a/library/pkcs7.c b/library/pkcs7.c
index 5b22afa..9100980 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -253,6 +253,24 @@
     return( 0 );
 }
 
+static void pkcs7_free_signer_info( mbedtls_pkcs7_signer_info *signer )
+{
+    mbedtls_x509_name *name_cur;
+    mbedtls_x509_name *name_prv;
+
+    if( signer == NULL )
+        return;
+
+    name_cur = signer->issuer.next;
+    while( name_cur != NULL )
+    {
+        name_prv = name_cur;
+        name_cur = name_cur->next;
+        mbedtls_free( name_prv );
+    }
+    signer->issuer.next = NULL;
+}
+
 /**
  * SignerInfo ::= SEQUENCE {
  *      version Version;
@@ -329,33 +347,16 @@
         ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO;
 
 out:
-    if( asn1_ret != 0 )
+    if( asn1_ret != 0 || ret != 0 )
+    {
+        pkcs7_free_signer_info( signer );
         ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,
                                     asn1_ret );
-    else if( ret != 0 )
-        ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO;
+    }
 
     return( ret );
 }
 
-static void pkcs7_free_signer_info( mbedtls_pkcs7_signer_info *signer )
-{
-    mbedtls_x509_name *name_cur;
-    mbedtls_x509_name *name_prv;
-
-    if( signer == NULL )
-        return;
-
-    name_cur = signer->issuer.next;
-    while( name_cur != NULL )
-    {
-        name_prv = name_cur;
-        name_cur = name_cur->next;
-        mbedtls_free( name_prv );
-    }
-    signer->issuer.next = NULL;
-}
-
 /**
  * SignerInfos ::= SET of SignerInfo
  * Return number of signers added to the signed data,
@@ -387,7 +388,7 @@
 
     ret = pkcs7_get_signer_info( p, end_set, signers_set );
     if( ret != 0 )
-        goto cleanup;
+        return( ret );
     count++;
 
     mbedtls_pkcs7_signer_info *prev = signers_set;

tests/suites/test_suite_pkcs7.data

diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index f3cbb62..571d5ad 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@@ -68,7 +68,7 @@
 
 pkcs7_get_signers_info_set error handling (4541044530479104)
 depends_on:MBEDTLS_RIPEMD160_C
-pkcs7_parse:"data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+pkcs7_parse:"data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
 
 PKCS7 Only Signed Data Parse Pass #15
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C