commit 6d49ae92233a6bd1442ecc5aff4ccec4c82719cc
author Andrzej Kurek <andrzej.kurek@arm.com> Wed Nov 07 03:19:08 2018 -0500
committer Andrzej Kurek <andrzej.kurek@arm.com> Thu Nov 22 13:37:14 2018 -0500
tree eb56fa1517500a6b17237c5e6fdf879c50f0d95c
parent 1e3b6865d7197e023735d364f6316963cb1b2686

pk_wrap: nullify the signature pointer on error in extract_ecdsa_sig

Fix a double free error in ecdsa_verify_wrap

library/pk_wrap.c

diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 4a74621..3e150a2 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -576,10 +576,11 @@
     memcpy( sig->p, *p, len_partial );
     len_signature = len_partial;
     ( *p ) += len_partial;
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len_partial, MBEDTLS_ASN1_INTEGER ) )
-         != 0 )
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len_partial,
+                                      MBEDTLS_ASN1_INTEGER ) ) != 0 )
     {
         mbedtls_free( sig->p );
+        sig->p = NULL;
         return( ret );
     }
 
@@ -684,10 +685,7 @@
     psa_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
 
     if( extract_ecdsa_sig( &p, p + sig_len, &signature ) != 0 )
-    {
-        ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
-        goto cleanup;
-    }
+        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
     key_len = mbedtls_pk_write_pubkey_der( &key, buf, buf_len );
     if( key_len <= 0 )