Merge pull request #6521 from daverodgman/fix_ssl_zeroize

Fix zeroization at NULL pointer
2025-03-23 16:20:49 +00:00 · 2022-11-01 20:50:38 +00:00 · 2022-11-01 20:50:38 +00:00 · 5f8dfb5393
commit 5f8dfb5393
parent 55fd0b9fc1 5875f5f96b
2 changed files with 6 additions and 1 deletions
--- a/ChangeLog.d/fix_zeroization.txt
+++ b/ChangeLog.d/fix_zeroization.txt
@ -0,0 +1,3 @@
+Bugfix
+   * Fix possible crash in TLS PRF code, if a failure to allocate memory occurs.
+     Reported by Michael Madsen in #6516.
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -5635,7 +5635,9 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
 exit:
    mbedtls_md_free( &md_ctx );

-    mbedtls_platform_zeroize( tmp, tmp_len );
+    if ( tmp != NULL )
+        mbedtls_platform_zeroize( tmp, tmp_len );
+
    mbedtls_platform_zeroize( h_i, sizeof( h_i ) );

    mbedtls_free( tmp );