yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-10 22:25:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'iotssl-1419-safermemcmp-volatile_backport-1.3' into mbedtls-1.3-restricted

Browse source
This commit is contained in:
Gilles Peskine 2017-11-28 13:50:05 +01:00
parent 3036cbeb8e 1caad08610
commit c5926a7049
2 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ChangeLog
View file

@ -10,6 +10,7 @@ Security
data is all zeros. data is all zeros.
* Fix unsafe bounds check in ssl_parse_client_psk_identity() when adding * Fix unsafe bounds check in ssl_parse_client_psk_identity() when adding
64kB to the address of the SSL buffer wraps around. 64kB to the address of the SSL buffer wraps around.
* Tighten should-be-constant-time memcmp against compiler optimizations.
Bugfix Bugfix
* Fix memory leak in ssl_set_hostname() when called multiple times. * Fix memory leak in ssl_set_hostname() when called multiple times.

6
include/polarssl/ssl.h
View file

@ -2061,9 +2061,9 @@ int ssl_check_cert_usage( const x509_crt *cert,
static inline int safer_memcmp( const void *a, const void *b, size_t n ) static inline int safer_memcmp( const void *a, const void *b, size_t n )
{ {
size_t i; size_t i;
const unsigned char *A = (const unsigned char *) a; volatile const unsigned char *A = (volatile const unsigned char *) a;
const unsigned char *B = (const unsigned char *) b; volatile const unsigned char *B = (volatile const unsigned char *) b;
unsigned char diff = 0; volatile unsigned char diff = 0;
for( i = 0; i < n; i++ ) for( i = 0; i < n; i++ )
diff |= A[i] ^ B[i]; diff |= A[i] ^ B[i];