From ec9e8ab892f2dc569ae09336c80c2796fd14a6ff Mon Sep 17 00:00:00 2001
From: Andy Green
Date: Thu, 9 Jul 2020 13:57:11 +0100
Subject: [PATCH] mbedtls: only free crt_parse when something came back

Mbedtls mbedtls_x509_crt_parse() returns 0 for success which is good. But it has a complicated idea about what to return on fail... if it couldn't make even one cert from the data, then it returns a negative return indicating the parsing problem and there is nothing to free. If it managed to parse at least one cert, instead it retuns a positive number indicating the number of certs it didn't parse successfully, and there is something to free. Adapt the code to understand this quirk.
---
 CMakeLists.txt | 2 +-
 lib/tls/mbedtls/mbedtls-x509.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 51237982f..f3d34331b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -327,7 +327,7 @@ set(PACKAGE "libwebsockets")
 set(CPACK_PACKAGE_NAME "${PACKAGE}")
 set(CPACK_PACKAGE_VERSION_MAJOR "4")
 set(CPACK_PACKAGE_VERSION_MINOR "0")
-set(CPACK_PACKAGE_VERSION_PATCH "19")
+set(CPACK_PACKAGE_VERSION_PATCH "20")
 set(CPACK_PACKAGE_RELEASE 1)
 set(CPACK_GENERATOR "RPM")
 set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
diff --git a/lib/tls/mbedtls/mbedtls-x509.c b/lib/tls/mbedtls/mbedtls-x509.c
index f137a789c..54d47b1ed 100644
--- a/lib/tls/mbedtls/mbedtls-x509.c
+++ b/lib/tls/mbedtls/mbedtls-x509.c
@@ -240,7 +240,8 @@ lws_x509_parse_from_pem(struct lws_x509_cert *x509, const void *pem, size_t len)
 ret = mbedtls_x509_crt_parse(&x509->cert, pem, len);
 if (ret) {
- mbedtls_x509_crt_free(&x509->cert);
+ if (ret > 0)
+ mbedtls_x509_crt_free(&x509->cert);
 lwsl_err("%s: unable to parse PEM cert: -0x%x\n", __func__, -ret);