Fix potential double-free in ssl_conf_psk()

commit: ffb81807336a194eefbbac2f5d60f9c1f9df6a0a [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Tue Oct 20 19:56:45 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Mon Nov 02 10:40:14 2015 +0900
tree: 4b0732d3ff8c9faf8a331f44db5ca1db739680c2
parent: e34dcd7ec5e2fc814a750a839c8fd48651c06e44 [diff]
diff --git a/ChangeLog b/ChangeLog
index c6f8a7e..ac33f5b 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -3,6 +3,9 @@
 = mbed TLS 2.1.3 released 2015-10-xx
 
 Security
+   * Fix potential double free if mbedtls_ssl_conf_psk() is called more than
+     once and some allocation fails. Cannot be forced remotely. Found by Guido
+     Vranken, Intelworks.
    * The X509 max_pathlen constraint was not enforced on intermediate
      certificates. Found by Nicholas Wilson, fix and tests provided by
      Janos Follath. #280 and #319

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bc17833..379cce1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -5725,6 +5725,8 @@
     {
         mbedtls_free( conf->psk );
         mbedtls_free( conf->psk_identity );
+        conf->psk = NULL;
+        conf->psk_identity = NULL;
     }
 
     if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ||
commit	ffb81807336a194eefbbac2f5d60f9c1f9df6a0a	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Tue Oct 20 19:56:45 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Mon Nov 02 10:40:14 2015 +0900
tree	4b0732d3ff8c9faf8a331f44db5ca1db739680c2
parent	e34dcd7ec5e2fc814a750a839c8fd48651c06e44 [diff]