TLSX_CA_Names_Parse: make sure to do cleanup when smallstack is on
This commit is contained in:
parent
5947c9ae8c
commit
a495bb4e7f
14
src/tls.c
14
src/tls.c
@ -6647,6 +6647,7 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
|
|||||||
word32 idx = 0;
|
word32 idx = 0;
|
||||||
WOLFSSL_X509_NAME* name = NULL;
|
WOLFSSL_X509_NAME* name = NULL;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
int didInit = FALSE;
|
||||||
/* Use a DecodedCert struct to get access to GetName to
|
/* Use a DecodedCert struct to get access to GetName to
|
||||||
* parse DN name */
|
* parse DN name */
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
@ -6664,23 +6665,26 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
|
|||||||
idx += OPAQUE16_LEN;
|
idx += OPAQUE16_LEN;
|
||||||
|
|
||||||
if (extLen > length)
|
if (extLen > length)
|
||||||
return BUFFER_ERROR;
|
ret = BUFFER_ERROR;
|
||||||
|
|
||||||
|
if (ret == 0) {
|
||||||
InitDecodedCert(cert, input + idx, extLen, ssl->heap);
|
InitDecodedCert(cert, input + idx, extLen, ssl->heap);
|
||||||
|
didInit = TRUE;
|
||||||
idx += extLen;
|
idx += extLen;
|
||||||
|
|
||||||
ret = GetName(cert, SUBJECT, extLen);
|
ret = GetName(cert, SUBJECT, extLen);
|
||||||
|
}
|
||||||
|
|
||||||
if (ret == 0 && (name = wolfSSL_X509_NAME_new()) == NULL)
|
if (ret == 0 && (name = wolfSSL_X509_NAME_new()) == NULL)
|
||||||
ret = MEMORY_ERROR;
|
ret = MEMORY_ERROR;
|
||||||
|
|
||||||
if (ret == 0)
|
if (ret == 0) {
|
||||||
CopyDecodedName(name, cert, SUBJECT);
|
CopyDecodedName(name, cert, SUBJECT);
|
||||||
|
if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
|
||||||
if (ret == 0 && wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
|
|
||||||
== WOLFSSL_FAILURE)
|
== WOLFSSL_FAILURE)
|
||||||
ret = MEMORY_ERROR;
|
ret = MEMORY_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (didInit)
|
||||||
FreeDecodedCert(cert);
|
FreeDecodedCert(cert);
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
|
@ -62947,7 +62947,8 @@ static int test_TLSX_CA_NAMES_bad_extension(void)
|
|||||||
EXPECT_DECLS;
|
EXPECT_DECLS;
|
||||||
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
|
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
|
||||||
!defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) && \
|
!defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) && \
|
||||||
defined(OPENSSL_EXTRA)
|
defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA384) && \
|
||||||
|
defined(HAVE_NULL_CIPHER)
|
||||||
/* This test should only fail (with BUFFER_ERROR) when we actually try to
|
/* This test should only fail (with BUFFER_ERROR) when we actually try to
|
||||||
* parse the CA Names extension. Otherwise it will return other non-related
|
* parse the CA Names extension. Otherwise it will return other non-related
|
||||||
* errors. If CA Names will be parsed in more configurations, that should
|
* errors. If CA Names will be parsed in more configurations, that should
|
||||||
@ -62955,6 +62956,7 @@ static int test_TLSX_CA_NAMES_bad_extension(void)
|
|||||||
WOLFSSL *ssl_c = NULL;
|
WOLFSSL *ssl_c = NULL;
|
||||||
WOLFSSL_CTX *ctx_c = NULL;
|
WOLFSSL_CTX *ctx_c = NULL;
|
||||||
struct test_memio_ctx test_ctx;
|
struct test_memio_ctx test_ctx;
|
||||||
|
/* HRR + SH using TLS_DHE_PSK_WITH_NULL_SHA384 */
|
||||||
const byte shBadCaNamesExt[] = {
|
const byte shBadCaNamesExt[] = {
|
||||||
0x16, 0x03, 0x04, 0x00, 0x3f, 0x02, 0x00, 0x00, 0x3b, 0x03, 0x03, 0xcf,
|
0x16, 0x03, 0x04, 0x00, 0x3f, 0x02, 0x00, 0x00, 0x3b, 0x03, 0x03, 0xcf,
|
||||||
0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e,
|
0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e,
|
||||||
|
Loading…
Reference in New Issue
Block a user