From d82e0c0235242fd5829ff2da89e649d98fa0d366 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 15 Oct 2018 13:22:22 +0100 Subject: [PATCH] Add missing zeroization of reassembled handshake messages This commit ensures that buffers holding fragmented or handshake messages get zeroized before they are freed when the respective handshake message is no longer needed. Previously, the handshake message content would leak on the heap. --- library/ssl_tls.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index da55801f6..c6b17ae27 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3235,6 +3235,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen ); + mbedtls_zeroize( ssl->handshake->hs_msg, ssl->in_hslen ); mbedtls_free( ssl->handshake->hs_msg ); ssl->handshake->hs_msg = NULL;