yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 05:25:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3894 from maroneze/mbedtls-2.7

Browse Source 
Backport 2.7: Fix use of uinitialized memory in ssl_parse_encrypted_pms
This commit is contained in:
Gilles Peskine 2020-11-18 18:40:56 +01:00 committed by GitHub
commit 1562d9c297
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/ssl_srv.c
View File

@ -3393,6 +3393,12 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
if( ret != 0 )
return( ret );
/* In case of a failure in decryption, peer_pmslen may not have been
* initialized, and it is accessed later. The diff will be nonzero anyway,
* but it's better to avoid accessing uninitialized memory in any case.
*/
peer_pmslen = 0;
ret = mbedtls_pk_decrypt( mbedtls_ssl_own_key( ssl ), p, len,
peer_pms, &peer_pmslen,
sizeof( peer_pms ),