From 9e587d193accba905b4e637c9c5ba4b661f5a665 Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Thu, 25 Apr 2019 04:57:37 +0000 Subject: Use calloc/freezero when allocating and freeing the session ticket data. The decrypted session ticket contains key material. ok tb@ --- lib/libssl/t1_lib.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 3cde388d6dd..162cfe5ebb5 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.163 2019/04/25 04:54:35 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.164 2019/04/25 04:57:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -875,8 +875,9 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess) { CBS ticket_name, ticket_iv, ticket_encdata, ticket_hmac; SSL_SESSION *sess = NULL; - size_t session_id_len; unsigned char *sdec = NULL; + size_t sdec_len = 0; + size_t session_id_len; const unsigned char *p; unsigned char hmac[EVP_MAX_MD_SIZE]; HMAC_CTX *hctx = NULL; @@ -978,7 +979,8 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess) goto derr; /* Attempt to decrypt session data. */ - if ((sdec = malloc(CBS_len(&ticket_encdata))) == NULL) + sdec_len = CBS_len(&ticket_encdata); + if ((sdec = calloc(1, sdec_len)) == NULL) goto err; if (EVP_DecryptUpdate(cctx, sdec, &slen, CBS_data(&ticket_encdata), CBS_len(&ticket_encdata)) <= 0) @@ -1025,7 +1027,7 @@ tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket, SSL_SESSION **psess) goto done; done: - free(sdec); + freezero(sdec, sdec_len); EVP_CIPHER_CTX_free(cctx); HMAC_CTX_free(hctx); SSL_SESSION_free(sess); -- cgit v1.2.3