From 36d904218bbec471dff85e7d337fae63be68940d Mon Sep 17 00:00:00 2001
From: Ron Eldor <ron.eldor@arm.com>
Date: Mon, 9 Jan 2017 15:09:16 +0200
Subject: [PATCH] Resource leak fix on windows platform

Fix a resource leak on the Windows platform in mbedtls_x509_crt_parse_path
in case of a failure. When an error occurs, go to cleanup and free the
resource instead of returning the error code immediately.
---
 ChangeLog          | 3 +++
 library/x509_crt.c | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 7a72030fa..c81c259e3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,9 @@ Bugfix
    * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
      to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
      always be implemented by pthread support. Fix for #696
+   * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
+     In case of failure, when an error occures, goto cleanup.
+     Found by redplait #590
 
 Security
    * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index d7b857e58..5ec855192 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1146,7 +1146,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
                                      p, (int) len - 1,
                                      NULL, NULL );
         if( w_ret == 0 )
-            return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
+        {
+            ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
+            goto cleanup;
+        }
 
         w_ret = mbedtls_x509_crt_parse_file( chain, filename );
         if( w_ret < 0 )
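Review bot: The new `goto cleanup` path leaves `chain` holding whatever earlier `mbedtls_x509_crt_parse_file( chain, filename )` calls appended, and neither the hunk nor the ChangeLog entry says so; this presumably sits in the per-file loop, whose start is outside the hunk. If this function is used to load trusted CA certificates, a caller that ignores the negative return would carry on with a partial set, so I would document it at the new branch: `/* Conversion failed: close hFind via cleanup; chain may already hold earlier certificates. */`. The function's header comment should also state that a negative return does not imply an unchanged `chain`. The body of mbedtls_x509_crt_parse_path begins and ends outside this hunk.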
@@ -1159,6 +1162,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
     if( GetLastError() != ERROR_NO_MORE_FILES )
         ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
 
+cleanup:
     FindClose( hFind );
 #else /* _WIN32 */
     int t_ret;