summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorMAntoniak <47522782+MAntoniak@users.noreply.github.com>2021-08-17 18:40:25 +0200
committerDaniel Stenberg <daniel@haxx.se>2021-09-06 10:02:08 +0200
commit37fb213a2eab80047014e74b0a1c64e9d4dc68f0 (patch)
tree4867742a06e6676313a3028fe69acff18ac5d7ad /lib
parent9829b9436150ac28de8bb18734a1846557247be7 (diff)
downloadcurl-37fb213a2eab80047014e74b0a1c64e9d4dc68f0.tar.gz
mbedtls: avoid using a large buffer on the stack
Use dynamic memory allocation for the buffer used in checking "pinned public key". The PUB_DER_MAX_BYTES parameter with default settings is set to a value greater than 2kB. Co-authored-by: Daniel Stenberg Closes #7586
Diffstat (limited to 'lib')
-rw-r--r--lib/vtls/mbedtls.c30
1 files changed, 17 insertions, 13 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 30ef67f6d..780d13e18 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -668,8 +668,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
if(pinnedpubkey) {
int size;
CURLcode result;
- mbedtls_x509_crt *p;
- unsigned char pubkey[PUB_DER_MAX_BYTES];
+ mbedtls_x509_crt *p = NULL;
+ unsigned char *pubkey = NULL;
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
if(!peercert || !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p) ||
@@ -686,6 +686,13 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
if(!p)
return CURLE_OUT_OF_MEMORY;
+ pubkey = malloc(PUB_DER_MAX_BYTES);
+
+ if(!pubkey) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto pinnedpubkey_error;
+ }
+
mbedtls_x509_crt_init(p);
/* Make a copy of our const peercert because mbedtls_pk_write_pubkey_der
@@ -699,9 +706,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
if(mbedtls_x509_crt_parse_der(p, peercert->raw.p, peercert->raw.len)) {
#endif
failf(data, "Failed copying peer certificate");
- mbedtls_x509_crt_free(p);
- free(p);
- return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ goto pinnedpubkey_error;
}
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
@@ -713,23 +719,21 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
if(size <= 0) {
failf(data, "Failed copying public key from peer certificate");
- mbedtls_x509_crt_free(p);
- free(p);
- return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ goto pinnedpubkey_error;
}
/* mbedtls_pk_write_pubkey_der writes data at the end of the buffer. */
result = Curl_pin_peer_pubkey(data,
pinnedpubkey,
&pubkey[PUB_DER_MAX_BYTES - size], size);
+ pinnedpubkey_error:
+ mbedtls_x509_crt_free(p);
+ free(p);
+ free(pubkey);
if(result) {
- mbedtls_x509_crt_free(p);
- free(p);
return result;
}
-
- mbedtls_x509_crt_free(p);
- free(p);
}
#ifdef HAS_ALPN