TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9fc67f0e14dfc2aa327d781a0bd2b95b26013b6a^! / . / library / ssl_srv.c
commit9fc67f0e14dfc2aa327d781a0bd2b95b26013b6a[log] [tgz]
authorAndré Maroneze <maroneze@users.noreply.github.com>Wed Nov 18 14:27:02 2020 +0100
committerAndré Maroneze <maroneze@users.noreply.github.com>Wed Nov 18 14:27:02 2020 +0100
tree6b49c0b64dcf09781799457a2fd2ea206f608bd2
parenta337176b42fa505a2a22dccff824d9f6a9509aa7 [diff] [blame]
Backport 2.7: Fix use of uinitialized memory in ssl_parse_encrypted_pms

Signed-off-by: André Maroneze <maroneze@users.noreply.github.com>

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 6300966..c3e8948 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -3393,6 +3393,12 @@
     if( ret != 0 )
         return( ret );
 
+    /* In case of a failure in decryption, peer_pmslen may not have been
+     * initialized, and it is accessed later. The diff will be nonzero anyway,
+     * but it's better to avoid accessing uninitialized memory in any case.
+     */
+    peer_pmslen = 0;
+
     ret = mbedtls_pk_decrypt( mbedtls_ssl_own_key( ssl ), p, len,
                       peer_pms, &peer_pmslen,
                       sizeof( peer_pms ),