Merge pull request #3312 from sander-visser/cleanup-nullptr-deref
Scope reduction to enable NULL check to protect dereferencing.
This commit is contained in:
commit
c39a80daee
2 changed files with 15 additions and 8 deletions
3
ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt
Normal file
3
ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Bugfix
|
||||
* Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a
|
||||
NULL pointer argument. Contributed by Sander Visser in #3312.
|
|
@ -6661,14 +6661,6 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *context,
|
|||
*/
|
||||
void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||
size_t in_buf_len = ssl->in_buf_len;
|
||||
size_t out_buf_len = ssl->out_buf_len;
|
||||
#else
|
||||
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
|
||||
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
|
||||
#endif
|
||||
|
||||
if( ssl == NULL )
|
||||
return;
|
||||
|
||||
|
@ -6676,6 +6668,12 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ssl->out_buf != NULL )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||
size_t out_buf_len = ssl->out_buf_len;
|
||||
#else
|
||||
size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
|
||||
#endif
|
||||
|
||||
mbedtls_platform_zeroize( ssl->out_buf, out_buf_len );
|
||||
mbedtls_free( ssl->out_buf );
|
||||
ssl->out_buf = NULL;
|
||||
|
@ -6683,6 +6681,12 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ssl->in_buf != NULL )
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||
size_t in_buf_len = ssl->in_buf_len;
|
||||
#else
|
||||
size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN;
|
||||
#endif
|
||||
|
||||
mbedtls_platform_zeroize( ssl->in_buf, in_buf_len );
|
||||
mbedtls_free( ssl->in_buf );
|
||||
ssl->in_buf = NULL;
|
||||
|
|
Loading…
Reference in a new issue