WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix for possible leak with openssl comatibility API `wolfSSL_d2i_ECDSA_SIG` when fast math is disabled.

pull/1854/head
David Garske 2018-09-27 11:39:30 -07:00
parent d30c45a79c
commit f19f803098
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/ssl.c
View File

@ -22173,11 +22173,11 @@ WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
} }
InitwolfSSL_BigNum(external); InitwolfSSL_BigNum(external);
external->internal = mpi;
if (mp_init(mpi) != MP_OKAY) { if (mp_init(mpi) != MP_OKAY) {
wolfSSL_BN_free(external); wolfSSL_BN_free(external);
return NULL; return NULL;
} }
external->internal = mpi;
return external; return external;
} }
@ -22188,7 +22188,9 @@ void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
WOLFSSL_MSG("wolfSSL_BN_free"); WOLFSSL_MSG("wolfSSL_BN_free");
if (bn) { if (bn) {
if (bn->internal) { if (bn->internal) {
mp_forcezero((mp_int*)bn->internal); mp_int* bni = (mp_int*)bn->internal;
mp_forcezero(bni);
mp_free(bni);
XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT); XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT);
bn->internal = NULL; bn->internal = NULL;
} }
@ -27541,6 +27543,10 @@ WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig,
return NULL; return NULL;
} }
/* DecodeECC_DSA_Sig calls mp_init, so free these */
mp_free((mp_int*)s->r->internal);
mp_free((mp_int*)s->s->internal);
if (DecodeECC_DSA_Sig(*pp, (word32)len, (mp_int*)s->r->internal, if (DecodeECC_DSA_Sig(*pp, (word32)len, (mp_int*)s->r->internal,
(mp_int*)s->s->internal) != MP_OKAY) { (mp_int*)s->s->internal) != MP_OKAY) {
if (sig == NULL || *sig == NULL) if (sig == NULL || *sig == NULL)