From a200df3566bf2cbd345aefcfb701733dee81727f Mon Sep 17 00:00:00 2001
From: Jeremy Newton
Date: Fri, 31 Oct 2025 22:14:19 -0400
Subject: [PATCH] mbedtls: CVE-2025-47917 fix

Backported from 3.6.x Prevents crash and/or possible memory leak from invalid input
---
 Externals/mbedtls/library/x509_create.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Externals/mbedtls/library/x509_create.c b/Externals/mbedtls/library/x509_create.c
index 4ffd3b6a803..c04d3bbc048 100644
--- a/Externals/mbedtls/library/x509_create.c
+++ b/Externals/mbedtls/library/x509_create.c
@@ -122,8 +122,12 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam
 char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
 char *d = data;
 
- /* Clear existing chain if present */
- mbedtls_asn1_free_named_data_list(head);
+ /* Ensure the output parameter is not already populated.
+ * (If it were, overwriting it would likely cause a memory leak.)
+ */
+ if (*head != NULL) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
 
 while (c <= end) {
 if (in_tag && *c == '=') {
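Review bot: The new `if (*head != NULL)` guard turns a previously tolerated state into a hard MBEDTLS_ERR_X509_BAD_INPUT_DATA, so any caller in this vendored tree that passes an already-populated list (for example an x509write "set subject/issuer name" wrapper called a second time) will now fail instead of having the old list replaced; the diffstat shows only x509_create.c changed, and my recollection is that the upstream 3.6.4 fix also made those wrappers free the old list before calling this function, so that caller-side half should be checked for in x509write_crt.c and x509write_csr.c before this backport ships. The precondition also needs to be documented where the function is declared, since the stale "clear existing chain" comment is the only thing that was removed: `\param head  Address of the list to fill; *head must be NULL on entry, otherwise MBEDTLS_ERR_X509_BAD_INPUT_DATA is returned.` The in-code comment's "memory leak" framing understates the original hazard, which was a deep free of caller-owned data (use-after-free / double free), and could say so: `/* Refuse a populated list: freeing it here would free memory the caller still owns. */`. mbedtls_x509_string_to_names starts before and continues past this hunk.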