Fix potential double-free in ssl_set_psk()

2026-05-11 06:28:17 +02:00 · 2015-09-28 18:09:45 +02:00
parent 9bf29bee22
commit 5aff029f9d
2 changed files with 5 additions and 0 deletions
--- a/3
+++ b/3
@@ -15,6 +15,9 @@ Security
     on crafted PEM input data. Found an fix provided by Guid Vranken.
     Not triggerable remotely in TLS. Triggerable remotely if you accept PEM
     data from an untrusted source.
+   * Fix potential double-free if ssl_set_psk() is called repeatedly on
+     the same ssl_context object and some memory allocations fail.
+     Found by Guido Vranken. Can not be forced remotely.

 = mbed TLS 1.3.13 reladsed 2015-09-17

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4064,7 +4064,9 @@ int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
        ( ssl->psk_identity = polarssl_malloc( psk_identity_len ) ) == NULL )
    {
        polarssl_free( ssl->psk );
+        polarssl_free( ssl->psk_identity );
        ssl->psk = NULL;
+        ssl->psk_identity = NULL;
        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
    }