TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a3d831b9e67cb8521073dfe7f15b07c53f9294c7^! / . / library / ssl_tls.c
commita3d831b9e67cb8521073dfe7f15b07c53f9294c7[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Thu May 23 12:28:45 2019 +0200
committerJarno Lamsa <jarno.lamsa@arm.com>Fri Aug 23 12:48:41 2019 +0300
treee55ae60c2a5718cc375ae64b60e77028fb5b1a32
parentf5fa0aa664aa3ef4c23adab35919850cc7c826de [diff] [blame]
Add test for session_load() from small buffers

This uncovered a bug that led to a double-free (in practice, in general could
be free() on any invalid value): initially the session structure is loaded
with `memcpy()` which copies the previous values of pointers peer_cert and
ticket to heap-allocated buffers (or any other value if the input is
attacker-controlled). Now if we exit before we got a chance to replace those
invalid values with valid ones (for example because the input buffer is too
small, or because the second malloc() failed), then the next call to
session_free() is going to call free() on invalid pointers.

This bug is fixed in this commit by always setting the pointers to NULL right
after they've been read from the serialised state, so that the invalid values
can never be used.

(An alternative would be to NULL-ify them when writing, which was rejected
mostly because we need to do it when reading anyway (as the consequences of
free(invalid) are too severe to take any risk), so doing it when writing as
well is redundant and a waste of code size.)

Also, while thinking about what happens in case of errors, it became apparent
to me that it was bad practice to leave the session structure in an
half-initialised state and rely on the caller to call session_free(), so this
commit also ensures we always clear the structure when loading failed.

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6f9203d..cc70510 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -9959,11 +9959,14 @@
 }
 
 /*
- * Unserialise session, see ssl_save_session()
+ * Unserialise session, see mbedtls_ssl_session_save().
+ *
+ * This internal version is wrapped by a public function that cleans up in
+ * case of error.
  */
-int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
-                              const unsigned char *buf,
-                              size_t len )
+static int ssl_session_load( mbedtls_ssl_session *session,
+                             const unsigned char *buf,
+                             size_t len )
 {
     const unsigned char *p = buf;
     const unsigned char * const end = buf + len;
@@ -10092,6 +10095,21 @@
 }
 
 /*
+ * Unserialise session: public wrapper for error cleaning
+ */
+int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
+                              const unsigned char *buf,
+                              size_t len )
+{
+    int ret = ssl_session_load( session, buf, len );
+
+    if( ret != 0 )
+        mbedtls_ssl_session_free( session );
+
+    return( ret );
+}
+
+/*
  * Perform a single step of the SSL handshake
  */
 int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )