From 0c34499805ecbeff45177727ae44418eb6c2dba5 Mon Sep 17 00:00:00 2001 From: Vikas Katariya Date: Thu, 15 Aug 2019 14:24:20 +0100 Subject: [PATCH 1/2] Check for zero length and NULL buffer pointer In reference to issue https://github.com/ARMmbed/mbed-crypto/issues/49 --- library/platform_util.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index 756e22679..b1f745097 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -72,7 +72,10 @@ static void * (* const volatile memset_func)( void *, int, size_t ) = memset; void mbedtls_platform_zeroize( void *buf, size_t len ) { - memset_func( buf, 0, len ); + MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL ); + + if( len > 0 ) + memset_func( buf, 0, len ); } #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ From cc9135f42e597bfc75bce3b2531580471a230731 Mon Sep 17 00:00:00 2001 From: Vikas Katariya Date: Thu, 15 Aug 2019 16:32:21 +0100 Subject: [PATCH 2/2] Changelog entry --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index a78257803..49e1d6ed5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,8 @@ Bugfix * Fix propagation of restart contexts in restartable EC operations. This could previously lead to segmentation faults in builds using an address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE. + * Zero length buffer check for undefined behavior in + mbedtls_platform_zeroize(). Fixes ARMmbed/mbed-crypto#49. Changes * Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h