Merge branch 'IOTSSL-621-PotentialIntegerOverflow' into development-restricted
* IOTSSL-621-PotentialIntegerOverflow:
Add precision about exploitability in ChangeLog
Add Changelog entry for current branch
Included tests for the overflow
diff --git a/ChangeLog b/ChangeLog
index 5b88a25..f7b318e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,8 @@
* Fix potential build failures related to the 'apidoc' target, introduced
in the previous patch release. Found by Robert Scheck. #390 #391
* Fix issue in Makefile that prevented building using armar. #386
+ * Fix memory leak that occured only when ECJPAKE was enabled and ECDHE and
+ ECDSA was disabled in config.h . The leak didn't occur by default.
Changes
* On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4424f56..a4cc1ca 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6949,7 +6949,8 @@
#endif
#endif
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
/* explicit void pointer cast for buggy MS compiler */
mbedtls_free( (void *) handshake->curves );
#endif