yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 15:21:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #732 from gabor-mezei-arm/689_bp216_zeroising_of_plaintext_buffers

Browse source 
[Backport 2.16] Zeroising of plaintext buffers in mbedtls_ssl_read()
This commit is contained in:
Gilles Peskine 2020-08-12 18:51:44 +02:00 committed by GitHub
parent f1ef89586b b394b43cf8
commit 0ca801af76
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog.d/zeroising_of_plaintext_buffer.txt Normal file
View file

@ -0,0 +1,4 @@
Security
* Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
application data from memory. Reported in #689 by
Johan Uppman Bruce of Sectra.

4
library/ssl_tls.c
View file

@ -8656,6 +8656,10 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
memcpy( buf, ssl->in_offt, n );
ssl->in_msglen -= n;
/* Zeroising the plaintext buffer to erase unused application data
from the memory. */
mbedtls_platform_zeroize( ssl->in_offt, n );
if( ssl->in_msglen == 0 )
{
/* all bytes consumed */