From 763ee3c6b46d591135e3576c41f944c92568f104 Mon Sep 17 00:00:00 2001
From: Leonid Rozenboim <leonid.rozenboim@oracle.com>
Date: Thu, 21 Apr 2022 13:05:10 -0700
Subject: [PATCH 1/3] Fix resource leaks

These potential leaks were flagged by the Coverity static analyzer.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
---
 library/pkparse.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/library/pkparse.c b/library/pkparse.c
index 535ed70eb1..8dc2f93f69 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1465,8 +1465,10 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
         if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
             return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
 
-        if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
+        if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) {
+            mbedtls_pem_free( &pem );
             return( ret );
+        }
 
         if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
             mbedtls_pk_free( ctx );

From b39b4999324770e17e53e15ff5fc40183b4ab577 Mon Sep 17 00:00:00 2001
From: Paul Elliott <paul.elliott@arm.com>
Date: Fri, 13 May 2022 17:08:36 +0100
Subject: [PATCH 2/3] Add pem_free() to other error paths in
 pk_parse_public_key()

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
---
 library/pkparse.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/library/pkparse.c b/library/pkparse.c
index 8dc2f93f69..36ddbeec4d 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1462,10 +1462,14 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
     if( ret == 0 )
     {
         p = pem.buf;
-        if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
+        if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA )) == NULL )
+        {
+            mbedtls_pem_free( &pem );
             return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+        }
 
-        if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) {
+        if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
+        {
             mbedtls_pem_free( &pem );
             return( ret );
         }

From cd5e671b5aef0dffeb83aa173efa14e125d273cd Mon Sep 17 00:00:00 2001
From: Andrzej Kurek <andrzej.kurek@arm.com>
Date: Tue, 5 Jul 2022 10:28:46 -0400
Subject: [PATCH 3/3] Add a changelog entry for pkparse bugs Signed-off-by:
 Andrzej Kurek <andrzej.kurek@arm.com>

---
 ChangeLog.d/fix_some_resource_leaks.txt | 4 ++++
 library/pkparse.c                       | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 ChangeLog.d/fix_some_resource_leaks.txt

diff --git a/ChangeLog.d/fix_some_resource_leaks.txt b/ChangeLog.d/fix_some_resource_leaks.txt
new file mode 100644
index 0000000000..f8db3f2911
--- /dev/null
+++ b/ChangeLog.d/fix_some_resource_leaks.txt
@@ -0,0 +1,4 @@
+Bugfix
+   * Fix resource leaks in mbedtls_pk_parse_public_key() in low
+     memory conditions.
+
diff --git a/library/pkparse.c b/library/pkparse.c
index 36ddbeec4d..f3431da978 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1462,7 +1462,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
     if( ret == 0 )
     {
         p = pem.buf;
-        if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA )) == NULL )
+        if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
         {
             mbedtls_pem_free( &pem );
             return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );