lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Fix undocumented free() in x509_string_to_names()

Browse Source 
Now programs/x509/cert_write san="DN:CN=#0000;DN:CN=#0000" is no longer
crashing with use-after-free, instead it's now failing cleanly:

 failed
  !  mbedtls_x509_string_to_names returned -0x2800 - X509 - Input invalid

That's better of course but still not great, will be fixed by future
commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
2025-05-05 16:41:52 +02:00
parent 1782587af2
commit 43a1e733d8
3 changed files with 26 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
library/x509_create.c
View File

@ -467,8 +467,12 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam
unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
size_t data_len = 0;
/* Clear existing chain if present */
mbedtls_asn1_free_named_data_list(head);
/* Ensure the output parameter is not already populated.
* (If it were, overwriting it would likely cause a memory leak.)
*/
if (*head != NULL) {
return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
}
while (c <= end) {
if (in_attr_type && *c == '=') {