eden-emu/mbedtls
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #5829 from paul-elliott-arm/fix_ct_uninit_memory_access

Browse source 
Fix uninitialised memory access in constant time functions
This commit is contained in:
Gilles Peskine 2022-06-01 11:42:51 +02:00 committed by GitHub
commit 8399cccd2e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
library/ssl_msg.c
View file

@ -1634,8 +1634,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
if( auth_done == 0 )
{
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD];
unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD] = { 0 };
unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD] = { 0 };
/* If the initial value of padlen was such that
* data_len < maclen + padlen + 1, then padlen