lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-22 04:01:53 +03:00
Code Activity

Add missing zeroization of buffered handshake messages

Browse Source 
This commit ensures that buffers holding fragmented or
future handshake messages get zeroized before they are
freed when the respective handshake message is no longer
needed. Previously, the handshake message content would
leak on the heap.
This commit is contained in:
Hanno Becker
2018-10-12 16:31:41 +01:00
parent 0592ea772a
commit 805f2e11bd
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
library/ssl_tls.c
View File

@ -8741,6 +8741,7 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
if( hs_buf->is_valid == 1 ) if( hs_buf->is_valid == 1 )
{ {
hs->buffering.total_bytes_buffered -= hs_buf->data_len; hs->buffering.total_bytes_buffered -= hs_buf->data_len;
mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len );
mbedtls_free( hs_buf->data ); mbedtls_free( hs_buf->data );
memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
} }