Fixed buffer overflow in private key decoding (wrong buffer length used in size check).

[BearSSL] / tools / certs.c

diff --git a/tools/certs.c b/tools/certs.c
index 91ca9b9..8986446 100644 (file)
--- a/tools/certs.c
+++ b/tools/certs.c
@@ -128,12 +128,14 @@ read_trust_anchors(anchor_list *dst, const char *fname)
 
                if (certificate_to_trust_anchor_inner(&ta, &xcs[u]) < 0) {
                        VEC_CLEAREXT(tas, free_ta_contents);
+                       free_certificates(xcs, num);
                        return 0;
                }
                VEC_ADD(tas, ta);
        }
        VEC_ADDMANY(*dst, &VEC_ELT(tas, 0), num);
        VEC_CLEAR(tas);
+       free_certificates(xcs, num);
        return num;
 }