mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-11-06 19:29:29 +03:00
da0913ba6b
After opening a file containing sensitive data, call mbedtls_setbuf() to disable buffering. This way, we don't expose sensitive data to a memory disclosure vulnerability in a buffer outside our control. This commit adds a call to mbedtls_setbuf() after each call to fopen(), except: * In ctr_drbg.c, in load_file(), because this is only used for DH parameters and they are not confidential data. * In psa_its_file.c, in psa_its_remove(), because the file is only opened to check its existence, we don't read data from it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
22 KiB
22 KiB