Fix memory leak in mbedtls_md_setup with HMAC
mbedtls_md_setup() allocates a hash-specific context and then, if requested, an extra HMAC context. If the second allocation failed, the hash context was not freed. Fix this by ensuring that the mbedtls_md_context_t object is always in a consistent state, in particular, that the md_info field is always set. For robustness, ensure that the object is in a consistent state even on errors (other than BAD_INPUT_DATA if the object was not in a consistent state on entry). Fix #3486 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
parent
0ca6d38bc3
commit
d15c740df6
3
ChangeLog.d/md_setup-leak.txt
Normal file
3
ChangeLog.d/md_setup-leak.txt
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
Bugfix
|
||||||
|
* Fix a memory leak in mbedtls_md_setup() when using HMAC under low memory
|
||||||
|
conditions. Reported and fix suggested by Guido Vranken in #3486.
|
||||||
@ -413,6 +413,10 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
|
|||||||
if( md_info == NULL || ctx == NULL )
|
if( md_info == NULL || ctx == NULL )
|
||||||
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
ctx->md_info = md_info;
|
||||||
|
ctx->md_ctx = NULL;
|
||||||
|
ctx->hmac_ctx = NULL;
|
||||||
|
|
||||||
switch( md_info->type )
|
switch( md_info->type )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_MD2_C)
|
#if defined(MBEDTLS_MD2_C)
|
||||||
@ -468,8 +472,6 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx->md_info = md_info;
|
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#undef ALLOC
|
#undef ALLOC
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user