TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e5049f46d485fadb3c7aa5cd098dd1bcac86c242^! / .
commite5049f46d485fadb3c7aa5cd098dd1bcac86c242[log] [tgz]
authorSimon Butcher <simon.butcher@arm.com>Sat Jan 02 01:24:15 2016 +0000
committerSimon Butcher <simon.butcher@arm.com>Sat Jan 02 01:24:15 2016 +0000
tree9c59afd5e79606373de6b1c862938d795a3bb5a9
parentc3f9229d49a42e61a7f75b565af0ff9f38af20dc [diff]
Fix for memory leak in RSA-SSA signing

Fix in rsa_rsassa_pkcs1_v15_sign() in rsa.c. Resolves github issue #372

diff --git a/ChangeLog b/ChangeLog
index 4d22cf5..af97da6 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -6,6 +6,8 @@
    * Fix bug in certificate validation that caused valid chains to be rejected
      when the first intermediate certificate has pathLenConstraint=0. Found by
      Nicholas Wilson. Introduced in mbed TLS 1.3.15. #280
+   * Removed potential leak in rsa_rsassa_pkcs1_v15_sign(), found by
+     JayaraghavendranK. #372
 
 = Version 1.2.18 released 2015-11-04
 

diff --git a/library/rsa.c b/library/rsa.c
index 9fe62d1..deade5c 100644
--- a/library/rsa.c
+++ b/library/rsa.c

@@ -1034,10 +1034,16 @@
      * temporary buffer and check it before returning it.
      */
     sig_try = malloc( ctx->len );
-    verif   = malloc( ctx->len );
-    if( sig_try == NULL || verif == NULL )
+    if( sig_try == NULL )
         return( POLARSSL_ERR_MPI_MALLOC_FAILED );
 
+    verif   = malloc( ctx->len );
+    if( verif == NULL )
+    {
+        free( sig_try );
+        return( POLARSSL_ERR_MPI_MALLOC_FAILED );
+    }
+
     MPI_CHK( rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
     MPI_CHK( rsa_public( ctx, sig_try, verif ) );