Merge pull request #3893 from maroneze/mbedtls-2.16

Backport 2.16: Fix another use of uninitialized memory in ssl_parse_encrypted_pms
Gilles Peskine 2020-11-18 18:40:50 +01:00 committed by GitHub
commit 9f0da915b5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -3587,11 +3587,12 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
/* In case of a failure in decryption, the decryption may write less than /* In case of a failure in decryption, the decryption may write less than
* 2 bytes of output, but we always read the first two bytes. It doesn't * 2 bytes of output, but we always read the first two bytes. It doesn't
* matter in the end because diff will be nonzero in that case due to * matter in the end because diff will be nonzero in that case due to
* peer_pmslen being less than 48, and we only care whether diff is 0. * ret being nonzero, and we only care whether diff is 0.
* But do initialize peer_pms for robustness anyway. This also makes * But do initialize peer_pms and peer_pmslen for robustness anyway. This
* memory analyzers happy (don't access uninitialized memory, even * also makes memory analyzers happy (don't access uninitialized memory,
* if it's an unsigned char). */ * even if it's an unsigned char). */
peer_pms[0] = peer_pms[1] = ~0; peer_pms[0] = peer_pms[1] = ~0;
peer_pmslen = 0;
ret = ssl_decrypt_encrypted_pms( ssl, p, end, ret = ssl_decrypt_encrypted_pms( ssl, p, end,
peer_pms, peer_pms,
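
Review bot: The rewritten comment above `peer_pmslen = 0;` now justifies the unconditional read of peer_pms by "ret being nonzero", but the statement that folds ret into diff is not in this hunk, so the claim cannot be confirmed from the lines shown. Consider naming that statement in the comment, or keeping the two close together, so a later refactor of the diff computation does not silently invalidate the reasoning. The placement of the new assignment before the call to ssl_decrypt_encrypted_pms() looks right, since the comment says a failed decryption may write less output than is later read. As the title calls this "another" uninitialized-memory fix in the same function, a test that drives the decryption-failure path under a memory analyzer (MSan or Valgrind) would help catch a further regression; none is visible in this change.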