www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

mod_ssl: follow up to r1876934: OSSL_PARAM_construct_*() make no copy.

Browse Source 
Pass OSSL_PARAM_construct_octet_string() an explicit copy of the MAC key
to avoid saving a pointer to stack.

While at it, cleanup secret data from buf before leaving.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876937 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Yann Ylavic
2020-04-24 17:04:28 +00:00
parent 4d1224588d
commit 00c85f8083
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/ssl/ssl_engine_init.c
View File

@@ -1608,7 +1608,8 @@ static apr_status_t ssl_init_ticket_key(server_rec *s,
ssl_callback_SessionTicket);
#else
ticket_key->mac_params[0] =
OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, buf + 16, 16);
OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
apr_pmemdup(p, buf + 16, 16), 16);
ticket_key->mac_params[1] =
OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0);
ticket_key->mac_params[2] =
@@ -1616,6 +1617,7 @@ static apr_status_t ssl_init_ticket_key(server_rec *s,
res = SSL_CTX_set_tlsext_ticket_key_evp_cb(mctx->ssl_ctx,
ssl_callback_SessionTicket);
#endif
memset(buf, 0, sizeof(buf));
if (!res) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01913)
"Unable to initialize TLS session ticket key callback "