From 173c79072289641cc9efa4456212c16bc7aaa1ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Oct 2015 19:56:45 +0200 Subject: [PATCH] Fix potential double-free in ssl_conf_psk() --- ChangeLog | 7 +++++++ library/ssl_tls.c | 2 ++ 2 files changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index aa96b1848..0b6c20d2b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.2.0 released 2015-10-xx + +Security + * Fix potential double free if mbedtls_ssl_conf_psk() is called more than + once and some allocation fails. Cannot be forced remotely. Found by Guido + Vranken, Intelworks. + = mbed TLS 2.1.2 released 2015-10-06 Security diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9142be856..991be17d5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5701,6 +5701,8 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, { mbedtls_free( conf->psk ); mbedtls_free( conf->psk_identity ); + conf->psk = NULL; + conf->psk_identity = NULL; } if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ||