From 30dd34166845e9c6dd25a36682400e4e3a485065 Mon Sep 17 00:00:00 2001 From: inoguchi <> Date: Sun, 16 Feb 2020 14:33:04 +0000 Subject: Avoid leak for tmp.x25519 Changed to use local variable to hold malloc address rather than directly set to S3I(s)->tmp.x25519, and set that private_key pointer to S3I(s)->tmp.x25519 after all the "goto err;". Also added freezero for S3I(s)->tmp.x25519 to ssl3_free() and ssl3_clear(). ok jsing@ tb@ --- src/lib/libssl/ssl_srvr.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'src/lib/libssl/ssl_srvr.c') diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 843d2ee249..e55b6beed1 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.71 2020/01/30 16:25:09 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.72 2020/02/16 14:33:04 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1408,7 +1408,7 @@ ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb) static int ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb) { - uint8_t *public_key = NULL; + uint8_t *public_key = NULL, *private_key = NULL; int curve_id; CBB ecpoint; int ret = -1; @@ -1418,11 +1418,11 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb) SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } - if ((S3I(s)->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL) + if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL) goto err; if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL) goto err; - X25519_keypair(public_key, S3I(s)->tmp.x25519); + X25519_keypair(public_key, private_key); /* Serialize public key. */ if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) { @@ -1441,10 +1441,13 @@ ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb) if (!CBB_flush(cbb)) goto err; + S3I(s)->tmp.x25519 = private_key; + private_key = NULL; ret = 1; err: free(public_key); + freezero(private_key, X25519_KEY_LENGTH); return (ret); } -- cgit v1.2.3-55-g6feb