Merge pull request #980 from Mbed-TLS/mbedtls-3.3.0rc1-pr
Mbedtls 3.3.0rc1 pr - Correct PKCS 7 memory leak fix
diff --git a/library/pkcs7.c b/library/pkcs7.c
index 5b22afa..9100980 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -253,6 +253,24 @@
return( 0 );
}
+static void pkcs7_free_signer_info( mbedtls_pkcs7_signer_info *signer )
+{
+ mbedtls_x509_name *name_cur;
+ mbedtls_x509_name *name_prv;
+
+ if( signer == NULL )
+ return;
+
+ name_cur = signer->issuer.next;
+ while( name_cur != NULL )
+ {
+ name_prv = name_cur;
+ name_cur = name_cur->next;
+ mbedtls_free( name_prv );
+ }
+ signer->issuer.next = NULL;
+}
+
/**
* SignerInfo ::= SEQUENCE {
* version Version;
@@ -329,33 +347,16 @@
ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO;
out:
- if( asn1_ret != 0 )
+ if( asn1_ret != 0 || ret != 0 )
+ {
+ pkcs7_free_signer_info( signer );
ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,
asn1_ret );
- else if( ret != 0 )
- ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO;
+ }
return( ret );
}
-static void pkcs7_free_signer_info( mbedtls_pkcs7_signer_info *signer )
-{
- mbedtls_x509_name *name_cur;
- mbedtls_x509_name *name_prv;
-
- if( signer == NULL )
- return;
-
- name_cur = signer->issuer.next;
- while( name_cur != NULL )
- {
- name_prv = name_cur;
- name_cur = name_cur->next;
- mbedtls_free( name_prv );
- }
- signer->issuer.next = NULL;
-}
-
/**
* SignerInfos ::= SET of SignerInfo
* Return number of signers added to the signed data,
@@ -387,7 +388,7 @@
ret = pkcs7_get_signer_info( p, end_set, signers_set );
if( ret != 0 )
- goto cleanup;
+ return( ret );
count++;
mbedtls_pkcs7_signer_info *prev = signers_set;
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index f3cbb62..571d5ad 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@@ -68,7 +68,7 @@
pkcs7_get_signers_info_set error handling (4541044530479104)
depends_on:MBEDTLS_RIPEMD160_C
-pkcs7_parse:"data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+pkcs7_parse:"data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
PKCS7 Only Signed Data Parse Pass #15
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C