[openssl/openssl] 02a2c3: zero data in hm_fragment on alloc

Matt Caswell noreply at github.com
Fri Nov 24 11:05:08 UTC 2023 

  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 02a2c3bc1336d2af1601fbc5d959c6babc1bce12
      https://github.com/openssl/openssl/commit/02a2c3bc1336d2af1601fbc5d959c6babc1bce12
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2023-11-24 (Fri, 24 Nov 2023)

  Changed paths:
    M ssl/statem/statem_dtls.c

  Log Message:
  -----------
  zero data in hm_fragment on alloc

if we allocate a new hm_frament in dtls1_buffer_message with
dtls1_hm_fragment_new, the returned fragment contains uninitalized data in the
msg_header field.  If an error then occurs, and we free the fragment,
dtls_hm_fragment_free interrogates the msg_header field (which is garbage), and
potentially references undefined values, or worse, accidentally references
available memory that is not owned, leading to various corruptions.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2261)


  Commit: 5e361b00c41a443c0c5954f7dd6f475d645b7f84
      https://github.com/openssl/openssl/commit/5e361b00c41a443c0c5954f7dd6f475d645b7f84
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-11-24 (Fri, 24 Nov 2023)

  Changed paths:
    M ssl/d1_lib.c
    M ssl/ssl_lib.c
    M ssl/statem/statem_dtls.c

  Log Message:
  -----------
  Move freeing of an old enc_write_ctx/write_hash to dtls1_clear_sent_buffer

When we are clearing the sent messages queue we should ensure we free any
old enc_write_ctx/write_hash that are no longer in use. Previously this
logic was in dtls1_hm_fragment_free() - but this can end up freeing the
current enc_write_ctx/write_hash under certain error conditions.

Fixes #22664

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2261)


Compare: https://github.com/openssl/openssl/compare/4b5215998142...5e361b00c41a

More information about the openssl-commits mailing list