yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 11:11:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix another use of uinitialized memory in ssl_parse_encrypted_pms

Browse source 
Complement to 0a8352b4: peer_pmslen is not initialized when decryption
fails, so '|= peer_pmslen' may access uninitialized memory, as indicated
by Frama-C/Eva.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: André Maroneze <maroneze@users.noreply.github.com>
This commit is contained in:
André Maroneze 2020-11-12 09:37:42 +01:00
parent 481ff8e621
commit e78a0c3e14
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
library/ssl_srv.c
View file

@ -3587,11 +3587,12 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
/* In case of a failure in decryption, the decryption may write less than /* In case of a failure in decryption, the decryption may write less than
* 2 bytes of output, but we always read the first two bytes. It doesn't * 2 bytes of output, but we always read the first two bytes. It doesn't
* matter in the end because diff will be nonzero in that case due to * matter in the end because diff will be nonzero in that case due to
* peer_pmslen being less than 48, and we only care whether diff is 0. * ret being nonzero, and we only care whether diff is 0.
* But do initialize peer_pms for robustness anyway. This also makes * But do initialize peer_pms and peer_pmslen for robustness anyway. This
* memory analyzers happy (don't access uninitialized memory, even * also makes memory analyzers happy (don't access uninitialized memory,
* if it's an unsigned char). */ * even if it's an unsigned char). */
peer_pms[0] = peer_pms[1] = ~0; peer_pms[0] = peer_pms[1] = ~0;
peer_pmslen = 0;
ret = ssl_decrypt_encrypted_pms( ssl, p, end, ret = ssl_decrypt_encrypted_pms( ssl, p, end,
peer_pms, peer_pms,