From 728d6cdcef3cd327ba5ac03ee0975017b0efd5b2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 15 Oct 2018 13:22:22 +0100 Subject: [PATCH] Add missing zeroization of reassembled handshake messages This commit ensures that buffers holding fragmented or handshake messages get zeroized before they are freed when the respective handshake message is no longer needed. Previously, the handshake message content would leak on the heap. --- library/ssl_tls.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 80917956e3..00ae9fcc36 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3212,6 +3212,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen ); + mbedtls_zeroize( ssl->handshake->hs_msg, ssl->in_hslen ); mbedtls_free( ssl->handshake->hs_msg ); ssl->handshake->hs_msg = NULL;