Add missing zeroization of reassembled handshake messages

This commit ensures that buffers holding fragmented or
handshake messages get zeroized before they are freed
when the respective handshake message is no longer needed.
Previously, the handshake message content would leak on
the heap.
This commit is contained in:
Hanno Becker 2018-10-15 13:22:22 +01:00
parent 6a74b2f687
commit 728d6cdcef

View file

@ -3212,6 +3212,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )
memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen ); memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen );
mbedtls_zeroize( ssl->handshake->hs_msg, ssl->in_hslen );
mbedtls_free( ssl->handshake->hs_msg ); mbedtls_free( ssl->handshake->hs_msg );
ssl->handshake->hs_msg = NULL; ssl->handshake->hs_msg = NULL;