From e78a0c3e14375f61aec145d4adba81508fc5d0a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Maroneze?= Date: Thu, 12 Nov 2020 09:37:42 +0100 Subject: [PATCH] Fix another use of uinitialized memory in ssl_parse_encrypted_pms MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Complement to 0a8352b4: peer_pmslen is not initialized when decryption fails, so '|= peer_pmslen' may access uninitialized memory, as indicated by Frama-C/Eva. Co-authored-by: Gilles Peskine Signed-off-by: André Maroneze --- library/ssl_srv.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 97b778452..cbf6142ac 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3587,11 +3587,12 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, /* In case of a failure in decryption, the decryption may write less than * 2 bytes of output, but we always read the first two bytes. It doesn't * matter in the end because diff will be nonzero in that case due to - * peer_pmslen being less than 48, and we only care whether diff is 0. - * But do initialize peer_pms for robustness anyway. This also makes - * memory analyzers happy (don't access uninitialized memory, even - * if it's an unsigned char). */ + * ret being nonzero, and we only care whether diff is 0. + * But do initialize peer_pms and peer_pmslen for robustness anyway. This + * also makes memory analyzers happy (don't access uninitialized memory, + * even if it's an unsigned char). */ peer_pms[0] = peer_pms[1] = ~0; + peer_pmslen = 0; ret = ssl_decrypt_encrypted_pms( ssl, p, end, peer_pms,