From bfaf4a47fd33da860796feaba6235847acb71127 Mon Sep 17 00:00:00 2001
From: David Horstmann <david.horstmann@arm.com>
Date: Thu, 26 Feb 2026 11:57:17 +0000
Subject: [PATCH] Fix null pointer dereference in string to names

In mbedtls_x509_string_to_names() we were not checking for allocation
failures. An allocation failure would lead to a memcpy() to a null
pointer address.

Fix this by checking the result of the call to mbedtls_calloc() and
returning MBEDTLS_ERR_X509_ALLOC_FAILED in the error case.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
---
 library/x509_create.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/x509_create.c b/library/x509_create.c
index 420e36b81b..fc23fb865f 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -310,6 +310,9 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam
             } else {
                 oid.len = strlen(attr_descr->oid);
                 oid.p = mbedtls_calloc(1, oid.len);
+                if (oid.p == NULL) {
+                    return MBEDTLS_ERR_X509_ALLOC_FAILED;
+                }
                 memcpy(oid.p, attr_descr->oid, oid.len);
                 numericoid = 0;
             }