Fix potential double-free in ssl_conf_psk()

2015-10-20 19:56:45 +02:00 · 2015-10-20 19:56:45 +02:00 · 173c790722
commit 173c790722
parent c8cd2c6577
2 changed files with 9 additions and 0 deletions
--- a/7
+++ b/7
@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)

+= mbed TLS 2.2.0 released 2015-10-xx
+
+Security
+   * Fix potential double free if mbedtls_ssl_conf_psk() is called more than
+     once and some allocation fails. Cannot be forced remotely. Found by Guido
+     Vranken, Intelworks.
+
 = mbed TLS 2.1.2 released 2015-10-06

 Security
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -5701,6 +5701,8 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
    {
        mbedtls_free( conf->psk );
        mbedtls_free( conf->psk_identity );
+        conf->psk = NULL;
+        conf->psk_identity = NULL;
    }

    if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ||