Backport 2.7: Fix use of uinitialized memory in ssl_parse_encrypted_pms

Signed-off-by: André Maroneze <maroneze@users.noreply.github.com>
This commit is contained in:
André Maroneze 2020-11-18 14:27:02 +01:00
parent a337176b42
commit 9fc67f0e14

View file

@ -3393,6 +3393,12 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
/* In case of a failure in decryption, peer_pmslen may not have been
* initialized, and it is accessed later. The diff will be nonzero anyway,
* but it's better to avoid accessing uninitialized memory in any case.
*/
peer_pmslen = 0;
ret = mbedtls_pk_decrypt( mbedtls_ssl_own_key( ssl ), p, len, ret = mbedtls_pk_decrypt( mbedtls_ssl_own_key( ssl ), p, len,
peer_pms, &peer_pmslen, peer_pms, &peer_pmslen,
sizeof( peer_pms ), sizeof( peer_pms ),