Add missing zeroization of reassembled handshake messages

This commit ensures that buffers holding fragmented or handshake messages get zeroized before they are freed when the respective handshake message is no longer needed. Previously, the handshake message content would leak on the heap.
2025-01-07 06:35:27 +00:00 · 2018-10-15 13:22:22 +01:00 · 2018-10-15 13:22:22 +01:00 · 728d6cdcef
parent 6a74b2f687
commit 728d6cdcef
1 changed files with 1 additions and 0 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -3212,6 +3212,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )

    memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen );

+    mbedtls_zeroize( ssl->handshake->hs_msg, ssl->in_hslen );
    mbedtls_free( ssl->handshake->hs_msg );
    ssl->handshake->hs_msg = NULL;