mbedtls/programs/aes
Gilles Peskine 6d576c9646 Call setbuf when reading or writing files: programs
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.

This commit adds a call to mbedtls_setbuf() after each call to fopen(),
but only in sample programs that were calling mbedtls_platform_zeroize().
Don't bother protecting stdio buffers in programs where application buffers
weren't protected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:06:11 +02:00
CMakeLists.txt Fix cmake build of programs 2021-06-17 09:38:38 +02:00
crypt_and_hash.c Call setbuf when reading or writing files: programs 2022-06-30 17:06:11 +02:00