Commit e3dc586

net/ssl-mbed: NULL-check calloc in ssl_socket_init
ssl_socket_init in the mbedtls variant had the same bug as the BearSSL variant: calloc then immediate dereference with no NULL check.

    struct ssl_state *state = (struct ssl_state*)calloc(1, sizeof(*state));
    state->domain = domain;   /* NULL-deref on OOM */

Fix: NULL-check and return NULL on failure. The caller (net_http.c:1030) already treats a NULL return from ssl_socket_init as 'SSL setup failed, abort'.

Not fixed here: the existing 'error:' label at the bottom of this same function only does 'if (state) free(state)' without calling mbedtls_ssl_free / mbedtls_ssl_config_free / mbedtls_ctr_drbg_free / mbedtls_entropy_free / mbedtls_x509_crt_free on the sub-contexts that were already mbedtls_*_init'd before the goto error. The 'ssl_socket_free' function further down does call all of those in the right order. Folding that cleanup into the error path is orthogonal to the NULL-deref fix and deserves its own commit with some mbedtls-side-effect analysis; deferred.

Thread-safety: unchanged.
1 parent c7c68a0 commit e3dc586

1 file changed

Lines changed: 7 additions & 0 deletions

libretro-common/net/net_socket_ssl_mbed.c

@@ -95,6 +95,13 @@ void* ssl_socket_init(int fd, const char *domain)
9595
static const char *pers = "libretro";
9696
struct ssl_state *state = (struct ssl_state*)calloc(1, sizeof(*state));
9797

98+
/* NULL-check before 'state->domain = domain' on the next line
99+
* dereferences state. Sibling bug in net_socket_ssl_bear.c's
100+
* ssl_socket_init was fixed in the previous commit; applying
101+
* the same fix here. */
102+
if (!state)
103+
return NULL;
104+
98105
state->domain = domain;
99106

100107
#if defined(MBEDTLS_DEBUG_C)
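
Review bot: The comment added at new lines 98-101 records commit history ("was fixed in the previous commit; applying the same fix here") that will go stale once it lives in the source. That narrative is already in the commit message, so the in-code comment can shrink to the invariant it protects, for example `/* calloc may fail; do not dereference state */`. The check itself is placed correctly: `if (!state) return NULL;` runs before `state->domain = domain`, and in the lines shown nothing has been allocated or initialised before it, so returning directly rather than jumping to the `error:` label leaves nothing behind.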
