Add missing zeroization of reassembled handshake messages

This commit ensures that buffers holding fragmented or
handshake messages get zeroized before they are freed
when the respective handshake message is no longer needed.
Previously, the handshake message content would leak on
the heap.
This commit is contained in:
Hanno Becker 2018-10-15 13:22:22 +01:00
parent 9a1a151a1a
commit d82e0c0235

View file

@ -3235,6 +3235,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )
memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen ); memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen );
mbedtls_zeroize( ssl->handshake->hs_msg, ssl->in_hslen );
mbedtls_free( ssl->handshake->hs_msg ); mbedtls_free( ssl->handshake->hs_msg );
ssl->handshake->hs_msg = NULL; ssl->handshake->hs_msg = NULL;