From 0a8352b4c2b653e1fcafd18a0df91878034a29a5 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 13 Jun 2018 18:16:41 +0200
Subject: [PATCH] Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms

In ssl_parse_encrypted_pms, some operational failures from ssl_decrypt_encrypted_pms lead to diff being set to a value that depended on some uninitialized unsigned char and size_t values. This didn't affect the behavior of the program (assuming an implementation with no trap values for size_t) because all that matters is whether diff is 0, but Valgrind rightfully complained about the use of uninitialized memory. Behave nicely and initialize the offending memory.
---
 library/ssl_srv.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 2b25e091fb..b49b9e1ddf 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3513,6 +3513,15 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
 size_t i, peer_pmslen;
 unsigned int diff;
+ /* In case of a failure in decryption, the decryption may write less than
+ * 2 bytes of output, but we always read the first two bytes. It doesn't
+ * matter in the end because diff will be nonzero in that case due to
+ * peer_pmslen being less than 48, and we only care whether diff is 0.
+ * But do initialize peer_pms for robustness anyway. This also makes
+ * memory analyzers happy (don't access uninitialized memory, even
+ * if it's an unsigned char). */
+ peer_pms[0] = peer_pms[1] = ~0;
+
 ret = ssl_decrypt_encrypted_pms( ssl, p, end, peer_pms, &peer_pmslen,
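Review bot: The added line initializes `peer_pms[0]` and `peer_pms[1]` but leaves `peer_pmslen` uninitialized, even though the commit message also names uninitialized `size_t` values and the new comment relies on `peer_pmslen` being less than 48 after a failure. If `ssl_decrypt_encrypted_pms` can return an error before it writes `*peer_pmslen` (its body is not visible here), `diff` would still be derived from an indeterminate value and the comment's justification would not hold; presumably the nonzero `ret` is what actually keeps `diff` nonzero. I would add `peer_pmslen = 0;` next to the new assignment and reword the comment to say that `diff` is nonzero "due to ret being nonzero". The function body and the `ssl_decrypt_encrypted_pms` call continue outside the hunk, so the later use of `peer_pmslen` should be confirmed against the full file.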