[openssl/openssl] 29406e: zero data in hm_fragment on alloc
Matt Caswell
noreply at github.com
Fri Nov 24 11:05:09 UTC 2023
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: 29406e10311380d9d1fb3105b33039685ff6f507
https://github.com/openssl/openssl/commit/29406e10311380d9d1fb3105b33039685ff6f507
Author: Neil Horman <nhorman at openssl.org>
Date: 2023-11-24 (Fri, 24 Nov 2023)
Changed paths:
M ssl/statem/statem_dtls.c
Log Message:
-----------
zero data in hm_fragment on alloc
If we allocate a new hm_fragment in dtls1_buffer_message with
dtls1_hm_fragment_new, the returned fragment contains uninitialized data in the
msg_header field. If an error then occurs, and we free the fragment,
dtls_hm_fragment_free interrogates the msg_header field (which is garbage), and
potentially references undefined values, or worse, accidentally references
available memory that is not owned, leading to various corruptions.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2261)
(cherry picked from commit 02a2c3bc1336d2af1601fbc5d959c6babc1bce12)
Commit: 49ba775e49e1ac37f95e77da21612d7695b2e806
https://github.com/openssl/openssl/commit/49ba775e49e1ac37f95e77da21612d7695b2e806
Author: Matt Caswell <matt at openssl.org>
Date: 2023-11-24 (Fri, 24 Nov 2023)
Changed paths:
M ssl/d1_lib.c
M ssl/ssl_lib.c
M ssl/statem/statem_dtls.c
Log Message:
-----------
Move freeing of an old enc_write_ctx/write_hash to dtls1_clear_sent_buffer
When we are clearing the sent messages queue we should ensure we free any
old enc_write_ctx/write_hash that are no longer in use. Previously this
logic was in dtls1_hm_fragment_free() - but this can end up freeing the
current enc_write_ctx/write_hash under certain error conditions.
Fixes #22664
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2261)
(cherry picked from commit 5e361b00c41a443c0c5954f7dd6f475d645b7f84)
Compare: https://github.com/openssl/openssl/compare/48fe8d4e53d5...49ba775e49e1
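The failure mode described in the first commit message, as an added C sketch that is not OpenSSL code and not part of the original notification. The struct layout, the is_ccs flag, the function names and the 0xA5 fill that stands in for stale heap contents are all assumptions made for illustration; the free path records the pointer it would release instead of freeing it.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-ins; not OpenSSL's real definitions. */
struct msg_header {
    int   is_ccs;         /* assumed flag: tells the free path to release saved state */
    void *enc_write_ctx;  /* saved cipher context, opaque in this sketch */
};
struct hm_frag {
    struct msg_header msg_header;
    unsigned char    *fragment;
};

/* Models an allocator returning memory with stale contents (constructed 0xA5 fill). */
static void *stale_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        memset(p, 0xA5, n);
    return p;
}

/* zero_on_alloc = 0: header left as allocated; 1: whole struct zeroed on alloc. */
static struct hm_frag *frag_new(size_t len, int zero_on_alloc)
{
    struct hm_frag *f = stale_malloc(sizeof(*f));
    if (f == NULL)
        return NULL;
    if (zero_on_alloc)
        memset(f, 0, sizeof(*f));
    f->fragment = malloc(len ? len : 1);  /* the only field the constructor sets */
    if (f->fragment == NULL) { free(f); return NULL; }
    return f;
}

/* Returns the pointer the free path would have released, or NULL if none. */
static void *frag_free(struct hm_frag *f)
{
    void *would_release = NULL;
    if (f->msg_header.is_ccs)                        /* interrogates the header */
        would_release = f->msg_header.enc_write_ctx; /* recorded, not freed */
    free(f->fragment);
    free(f);
    return would_release;
}

/* Error path: allocation succeeds, caller bails out before filling msg_header. */
void *error_path(int zero_on_alloc)
{
    struct hm_frag *f = frag_new(64, zero_on_alloc);
    return f ? frag_free(f) : NULL;
}
```

With the header left as allocated, the free path acts on a garbage pointer; with the struct zeroed at allocation, it releases nothing.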