Merge pull request #3312 from sander-visser/cleanup-nullptr-deref
Scope reduction to enable NULL check to protect dereferencing.
This commit is contained in:
commit
c39a80daee
2 changed files with 15 additions and 8 deletions
3
ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt
Normal file
3
ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
Bugfix
|
||||||
|
* Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a
|
||||||
|
NULL pointer argument. Contributed by Sander Visser in #3312.
|
|
@ -6661,14 +6661,6 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *context,
|
||||||
*/
|
*/
|
||||||
void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
|
||||||
size_t in_buf_len = ssl->in_buf_len;
|
|
||||||
size_t out_buf_len = ssl->out_buf_len;
|
|
||||||
#else
|
|
||||||
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
|
|
||||||
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if( ssl == NULL )
|
if( ssl == NULL )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -6676,6 +6668,12 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
if( ssl->out_buf != NULL )
|
if( ssl->out_buf != NULL )
|
||||||
{
|
{
|
||||||
|
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||||
|
size_t out_buf_len = ssl->out_buf_len;
|
||||||
|
#else
|
||||||
|
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
|
||||||
|
#endif
|
||||||
|
|
||||||
mbedtls_platform_zeroize( ssl->out_buf, out_buf_len );
|
mbedtls_platform_zeroize( ssl->out_buf, out_buf_len );
|
||||||
mbedtls_free( ssl->out_buf );
|
mbedtls_free( ssl->out_buf );
|
||||||
ssl->out_buf = NULL;
|
ssl->out_buf = NULL;
|
||||||
|
@ -6683,6 +6681,12 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
if( ssl->in_buf != NULL )
|
if( ssl->in_buf != NULL )
|
||||||
{
|
{
|
||||||
|
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||||
|
size_t in_buf_len = ssl->in_buf_len;
|
||||||
|
#else
|
||||||
|
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
|
||||||
|
#endif
|
||||||
|
|
||||||
mbedtls_platform_zeroize( ssl->in_buf, in_buf_len );
|
mbedtls_platform_zeroize( ssl->in_buf, in_buf_len );
|
||||||
mbedtls_free( ssl->in_buf );
|
mbedtls_free( ssl->in_buf );
|
||||||
ssl->in_buf = NULL;
|
ssl->in_buf = NULL;
|
||||||
|
|
Loading…
Reference in a new issue