Fix potential double-free in ssl_set_psk()

commit: 5aff029f9d2b8db78da64655c6808a1dfac6f64f [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Mon Sep 28 18:09:45 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Thu Oct 01 09:58:50 2015 +0200
tree: e76f485c2898bf98045e359db1d6d7fdbf8ba0c7
parent: 9bf29bee22d85d370388683e708412bf0eecfc43 [diff]
diff --git a/ChangeLog b/ChangeLog
index 89caddb..14ae034 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -15,6 +15,9 @@
      on crafted PEM input data. Found an fix provided by Guid Vranken.
      Not triggerable remotely in TLS. Triggerable remotely if you accept PEM
      data from an untrusted source.
+   * Fix potential double-free if ssl_set_psk() is called repeatedly on
+     the same ssl_context object and some memory allocations fail.
+     Found by Guido Vranken. Can not be forced remotely.
 
 = mbed TLS 1.3.13 reladsed 2015-09-17
 

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 96e867b..f16bb53 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -4064,7 +4064,9 @@
         ( ssl->psk_identity = polarssl_malloc( psk_identity_len ) ) == NULL )
     {
         polarssl_free( ssl->psk );
+        polarssl_free( ssl->psk_identity );
         ssl->psk = NULL;
+        ssl->psk_identity = NULL;
         return( POLARSSL_ERR_SSL_MALLOC_FAILED );
     }
commit	5aff029f9d2b8db78da64655c6808a1dfac6f64f	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Mon Sep 28 18:09:45 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Thu Oct 01 09:58:50 2015 +0200
tree	e76f485c2898bf98045e359db1d6d7fdbf8ba0c7
parent	9bf29bee22d85d370388683e708412bf0eecfc43 [diff]