Memory leak if ecdsa_sign/ecdsa_verify fail with an error #19
Labels
Milestone
Comments
|
We will check this out and fix accordingly. Thanks for noticing. |
|
Can you elaborate? All MPIs initialized in the sign and verify functions are cleared as well. Are you referring to the MPIs in the group? You should free the group yourself outside of the sign and verify functions. |
|
For example, ecdsa_verify declares (from https://github.com/polarssl/polarssl/blob/polarssl-1.3/library/ecdsa.c) Line 118: mpi e, s_inv, u1, u2; These variables are freed at line 171,172 in the success case, but not if R is zero @ line 161 or if the signature fails @ line 167. |
|
Correct.. Fixed in cca998a |
hanno-becker
pushed a commit
to hanno-becker/mbedtls
that referenced
this issue
Jan 25, 2019
Includes PRs Mbed-TLS#6, Mbed-TLS#18, Mbed-TLS#19.
hanno-becker
pushed a commit
to hanno-becker/mbedtls
that referenced
this issue
Jan 25, 2019
…_allocate_key Don't require a type and size when creating a key slot
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The sign&verify functions will not free up some mpi's if they fail.
I used the alpha 1.3.1 that was released a couple of months ago.
The text was updated successfully, but these errors were encountered: