commit 36d904218bbec471dff85e7d337fae63be68940d
author Ron Eldor <ron.eldor@arm.com> Mon Jan 09 15:09:16 2017 +0200
committer Simon Butcher <simon.butcher@arm.com> Thu Jul 27 15:08:01 2017 +0100
tree 7d4bcdc4ef6a707fd561d7d97910f5b6c1da9371
parent 6314068d42c9dca7145a2eb44012742f09a68aab

Resource leak fix on windows platform

Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path,
in case a failure. when an error occurs, goto cleanup, and free the
resource, instead of returning error code immediately.

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 7a72030..c81c259 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,9 @@
    * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
      to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
      always be implemented by pthread support. Fix for #696
+   * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
+     In case of failure, when an error occures, goto cleanup.
+     Found by redplait #590
 
 Security
    * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index d7b857e..5ec8551 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1146,7 +1146,10 @@
                                      p, (int) len - 1,
                                      NULL, NULL );
         if( w_ret == 0 )
-            return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
+        {
+            ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
+            goto cleanup;
+        }
 
         w_ret = mbedtls_x509_crt_parse_file( chain, filename );
         if( w_ret < 0 )
@@ -1159,6 +1162,7 @@
     if( GetLastError() != ERROR_NO_MORE_FILES )
         ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
 
+cleanup:
     FindClose( hFind );
 #else /* _WIN32 */
     int t_ret;