Add missing zeroization of buffered handshake messages

This commit ensures that buffers holding fragmented or
future handshake messages get zeroized before they are
freed when the respective handshake message is no longer
needed. Previously, the handshake message content would
leak on the heap.
This commit is contained in:
Hanno Becker 2018-10-12 16:31:41 +01:00
parent 0592ea772a
commit 805f2e11bd

View file

@ -8741,6 +8741,7 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
if( hs_buf->is_valid == 1 )
{
hs->buffering.total_bytes_buffered -= hs_buf->data_len;
mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len );
mbedtls_free( hs_buf->data );
memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) );
}