author | MAntoniak <47522782+MAntoniak@users.noreply.github.com> | 2021-08-17 18:40:25 +0200 |
committer | Daniel Stenberg <daniel@haxx.se> | 2021-09-06 10:02:08 +0200 |
commit | 37fb213a2eab80047014e74b0a1c64e9d4dc68f0 (patch) | |
tree | 4867742a06e6676313a3028fe69acff18ac5d7ad /lib | |
parent | 9829b9436150ac28de8bb18734a1846557247be7 (diff) | |
download | curl-37fb213a2eab80047014e74b0a1c64e9d4dc68f0.tar.gz |
mbedtls: avoid using a large buffer on the stack
Use dynamic memory allocation for the buffer used in checking "pinned
public key". The PUB_DER_MAX_BYTES parameter with default settings is
set to a value greater than 2kB.
Co-authored-by: Daniel Stenberg
Closes #7586
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vtls/mbedtls.c | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 30ef67f6d..780d13e18 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -668,8 +668,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
 if(pinnedpubkey) {
 int size;
 CURLcode result;
- mbedtls_x509_crt *p;
- unsigned char pubkey[PUB_DER_MAX_BYTES];
+ mbedtls_x509_crt *p = NULL;
+ unsigned char *pubkey = NULL;
 #if MBEDTLS_VERSION_NUMBER >= 0x03000000
 if(!peercert || !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p) ||
@@ -686,6 +686,13 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
 if(!p)
 return CURLE_OUT_OF_MEMORY;
+ pubkey = malloc(PUB_DER_MAX_BYTES);
+
+ if(!pubkey) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto pinnedpubkey_error;
+ }
+
 mbedtls_x509_crt_init(p);
 /* Make a copy of our const peercert because mbedtls_pk_write_pubkey_der
@@ -699,9 +706,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
 if(mbedtls_x509_crt_parse_der(p, peercert->raw.p, peercert->raw.len)) {
 #endif
 failf(data, "Failed copying peer certificate");
- mbedtls_x509_crt_free(p);
- free(p);
- return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ goto pinnedpubkey_error;
 }
 #if MBEDTLS_VERSION_NUMBER >= 0x03000000
@@ -713,23 +719,21 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
 if(size <= 0) {
 failf(data, "Failed copying public key from peer certificate");
- mbedtls_x509_crt_free(p);
- free(p);
- return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ goto pinnedpubkey_error;
 }
 /* mbedtls_pk_write_pubkey_der writes data at the end of the buffer. */
 result = Curl_pin_peer_pubkey(data,
 pinnedpubkey,
 &pubkey[PUB_DER_MAX_BYTES - size], size);
+ pinnedpubkey_error:
+ mbedtls_x509_crt_free(p);
+ free(p);
+ free(pubkey);
 if(result) {
- mbedtls_x509_crt_free(p);
- free(p);
 return result;
 }
-
- mbedtls_x509_crt_free(p);
- free(p);
 }
 #ifdef HAS_ALPN |
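Review bot: The new malloc-failure path in the -686 hunk jumps to `pinnedpubkey_error` before `mbedtls_x509_crt_init(p)` has run, so the shared cleanup added in the -713 hunk calls `mbedtls_x509_crt_free(p)` on a certificate object that has not been initialised; that is harmless only if the allocation of `p` (which lies outside the hunk) zero-fills it, and the diff does not show how `p` is allocated. Placing the allocation after the init keeps every `goto` reachable only once `p` is a valid object: `mbedtls_x509_crt_init(p);` then `pubkey = malloc(PUB_DER_MAX_BYTES);` followed by the existing `if(!pubkey)` check. The label is also reached on the success path, so a name such as `pinnedpubkey_cleanup:` would describe it more accurately than `pinnedpubkey_error:`. mbed_connect_step2 begins and ends outside the hunks.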