commit 57207711d8287e1c283797faeb402a1c16d8fc4b
author Przemek Stekiel <przemyslaw.stekiel@mobica.com> Fri Feb 24 14:03:30 2023 +0100
committer Przemek Stekiel <przemyslaw.stekiel@mobica.com> Fri Mar 03 12:58:29 2023 +0100
tree 26c7bc9fb365654b45415df297786a0bc3f24e1c
parent 5a49d3cce370822d9c81f4df4c1a3a3fec6723c2

Add MBEDTLS_ASN1_CHK_CLEANUP_ADD macro to be able to release memory on failure

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

library/x509write_csr.c

diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index a1a1206..45e9187 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -99,7 +99,7 @@
     /* Determine the maximum size of the SubjectAltName list */
     while (cur != NULL) {
         /* Calculate size of the required buffer */
-        switch(cur->node.type) {
+        switch (cur->node.type) {
             case MBEDTLS_X509_SAN_DNS_NAME:
             case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
             case MBEDTLS_X509_SAN_IP_ADDRESS:
@@ -139,15 +139,20 @@
             case MBEDTLS_X509_SAN_DNS_NAME:
             case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
             case MBEDTLS_X509_SAN_IP_ADDRESS:
-                MBEDTLS_ASN1_CHK_ADD(len,
-                                     mbedtls_asn1_write_raw_buffer(&p, buf,
-                                                                   (const unsigned char *) cur->node.san.unstructured_name.p,
-                                                                   cur->node.san.unstructured_name.len));
-                MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, cur->node.san.unstructured_name.len));
-                MBEDTLS_ASN1_CHK_ADD(len,
-                                     mbedtls_asn1_write_tag(&p, buf,
-                                                            MBEDTLS_ASN1_CONTEXT_SPECIFIC |
-                                                            cur->node.type));
+                MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
+                                             mbedtls_asn1_write_raw_buffer(&p, buf,
+                                                                           (const unsigned char *)
+                                                                           cur->node.san.
+                                                                           unstructured_name.p,
+                                                                           cur->node.san.
+                                                                           unstructured_name.len));
+                MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf,
+                                                                         cur->node.san.
+                                                                         unstructured_name.len));
+                MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
+                                             mbedtls_asn1_write_tag(&p, buf,
+                                                                    MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+                                                                    cur->node.type));
                 break;
             default:
                 /* Skip unsupported names. */
@@ -156,10 +161,11 @@
         cur = cur->next;
     }
 
-    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
-    MBEDTLS_ASN1_CHK_ADD(len,
-                         mbedtls_asn1_write_tag(&p, buf,
-                                                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
+    MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
+    MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
+                                 mbedtls_asn1_write_tag(&p, buf,
+                                                        MBEDTLS_ASN1_CONSTRUCTED |
+                                                        MBEDTLS_ASN1_SEQUENCE));
 
     ret = mbedtls_x509write_csr_set_extension(
         ctx,
@@ -169,6 +175,7 @@
         buf + buflen - len,
         len);
 
+cleanup:
     mbedtls_free(buf);
     return ret;
 }