Merge branch 'development' into dtls

* development: Fix the fix to ssl_set_psk() Update Changelog Finish fixing memleak in ssl_server2 arg parsing Fix another potential memory leak found by find-mem-leak.cocci. Add a rule for another type of memory leak to find-mem-leak.cocci. Fix a potential memory leak found by find-mem-leak.cocci. Add a semantic patch to find potential memory leaks. Fix whitespace of 369e6c20. Apply the semantic patch rm-malloc-cast.cocci. Add a semantic patch to remove casts of malloc.
2015-02-18 10:25:16 +00:00 · 2015-02-18 10:25:16 +00:00 · cd4cd1dd26
commit cd4cd1dd26
parent cc8980872c f45850c493
4 changed files with 31 additions and 8 deletions
--- a/1
+++ b/1
@ -37,6 +37,7 @@ Bugfix
   * Fix warnings from mingw64 in timing.c (found by kxjklele).
   * Fix potential unintended sign extension in asn1_get_len() on 64-bit
     platforms.
+   * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid).

 Changes
   * Move from SHA-1 to SHA-256 in example programs using signatures
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -5463,21 +5463,23 @@ int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
    if( psk_len > POLARSSL_PSK_MAX_LEN )
        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );

-    if( ssl->psk != NULL )
+    if( ssl->psk != NULL || ssl->psk_identity != NULL )
    {
        polarssl_free( ssl->psk );
        polarssl_free( ssl->psk_identity );
    }

+    if( ( ssl->psk = polarssl_malloc( psk_len ) ) == NULL ||
+        ( ssl->psk_identity = polarssl_malloc( psk_identity_len ) ) == NULL )
+    {
+        polarssl_free( ssl->psk );
+        ssl->psk = NULL;
+        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+    }
+
    ssl->psk_len = psk_len;
    ssl->psk_identity_len = psk_identity_len;

-    ssl->psk = polarssl_malloc( ssl->psk_len );
-    ssl->psk_identity = polarssl_malloc( ssl->psk_identity_len );
-
-    if( ssl->psk == NULL || ssl->psk_identity == NULL )
-        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
-
    memcpy( ssl->psk, psk, ssl->psk_len );
    memcpy( ssl->psk_identity, psk_identity, ssl->psk_identity_len );

--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -643,7 +643,7 @@ psk_entry *psk_parse( char *psk_string )
    while( p <= end )
    {
        if( ( new = polarssl_malloc( sizeof( psk_entry ) ) ) == NULL )
-            return( NULL );
+            goto error;

        memset( new, 0, sizeof( psk_entry ) );

--- a/scripts/find-mem-leak.cocci
+++ b/scripts/find-mem-leak.cocci
@ -0,0 +1,20 @@
+@@
+expression x, y;
+statement S;
+@@
+  x = polarssl_malloc(...);
+  y = polarssl_malloc(...);
+  ...
+* if (x == NULL || y == NULL)
+    S
+
+@@
+expression x, y;
+statement S;
+@@
+  if (
+*   (x = polarssl_malloc(...)) == NULL
+    ||
+*   (y = polarssl_malloc(...)) == NULL
+  )
+    S