Call setbuf when reading or writing files: library After opening a file containing sensitive data, call mbedtls_setbuf() to disable buffering. This way, we don't expose sensitive data to a memory disclosure vulnerability in a buffer outside our control. This commit adds a call to mbedtls_setbuf() after each call to fopen(), except: * In ctr_drbg.c, in load_file(), because this is only used for DH parameters and they are not confidential data. * In psa_its_file.c, in psa_its_remove(), because the file is only opened to check its existence, we don't read data from it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: da0913ba6b3ddd5708189df8115d85bbd0ff2be3 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Jun 30 17:03:40 2022 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu Jun 30 17:03:40 2022 +0200
tree: 6ae7782502617517be42203511575f06e85d7eba
parent: 6497b5a1d10e59caa45c77bdcfacfeada1337ac0 [diff] [blame]
diff --git a/library/dhm.c b/library/dhm.c
index 2ce0ed4..1e95bda 100644
--- a/library/dhm.c
+++ b/library/dhm.c

@@ -620,6 +620,7 @@
 
     if( ( f = fopen( path, "rb" ) ) == NULL )
         return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+    /* The data loaded here is public, so don't bother disabling buffering. */
 
     fseek( f, 0, SEEK_END );
     if( ( size = ftell( f ) ) == -1 )
commit	da0913ba6b3ddd5708189df8115d85bbd0ff2be3	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Jun 30 17:03:40 2022 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Jun 30 17:03:40 2022 +0200
tree	6ae7782502617517be42203511575f06e85d7eba
parent	6497b5a1d10e59caa45c77bdcfacfeada1337ac0 [diff] [blame]