From f9ca30d042f3a676eed55efdb3c3f758623f37be Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 26 Feb 2019 11:38:29 +0000
Subject: [PATCH] ssl_client2: Zeroize peer CRT info buffer when reconnecting
---
 programs/ssl/ssl_client2.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 72d857b61..1af760fc1 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -494,7 +494,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-static unsigned char peer_crt_info[1024] = { 0 };
+static unsigned char peer_crt_info[1024];
 
 /*
 * Enabled if debug_level > 1 in code below
@@ -1650,6 +1650,7 @@ int main( int argc, char *argv[] )
 }
 
 mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+ memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -2513,6 +2514,8 @@ reconnect:
 
 mbedtls_printf( " . Reconnecting with saved session..." );
 
+ memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+
 if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
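Review bot: The memset of peer_crt_info added right after mbedtls_ssl_conf_verify zeroes an object with static storage duration that is already zero-initialized before main runs (C11 6.7.9p10), so on its own this call changes nothing unless this part of main is executed more than once, which the hunk does not show. If it is meant as a belt-and-braces reset so that the setup path mirrors the reconnect path, say so: `/* No-op at startup (static storage is zeroed); kept so every connection starts from a cleared buffer. */`. Otherwise drop this line and rely on the reconnect-path memset alone, which is where stale data can actually appear. The enclosing main() starts and ends outside the hunk.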
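Review bot: The memset added before mbedtls_ssl_session_reset() references peer_crt_info, which the first hunk declares only under `#if defined(MBEDTLS_X509_CRT_PARSE_C)`, and this hunk shows no such guard around the new line; unless the reconnect: block is already inside one (its context does not show it), a build with MBEDTLS_X509_CRT_PARSE_C disabled fails on an undeclared identifier. Wrap it like the other call site: `#if defined(MBEDTLS_X509_CRT_PARSE_C)` / `memset( peer_crt_info, 0, sizeof( peer_crt_info ) );` / `#endif /* MBEDTLS_X509_CRT_PARSE_C */`. The reset itself is the right fix: a reconnect with a saved session presumably does not re-run the verify callback that fills this buffer, so without it the previous peer's certificate text would survive into the new connection, and that is worth a one-line comment such as `/* A resumed session may skip certificate verification; clear the previous peer's CRT info. */`. main() continues outside the hunk, and the hunk does not show that <string.h> is in scope for memset, though the file likely already includes it.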