From 805f2e11bd1e3bfcffe5dc7a88daf3c18f26166c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 12 Oct 2018 16:31:41 +0100 Subject: [PATCH] Add missing zeroization of buffered handshake messages This commit ensures that buffers holding fragmented or future handshake messages get zeroized before they are freed when the respective handshake message is no longer needed. Previously, the handshake message content would leak on the heap. --- library/ssl_tls.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8bd74db8d..b671c14ac 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8741,6 +8741,7 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, if( hs_buf->is_valid == 1 ) { hs->buffering.total_bytes_buffered -= hs_buf->data_len; + mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len ); mbedtls_free( hs_buf->data ); memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); }