Ensure buffer/length pairs are always in sync

Following on from CVE-2021-3449 which was caused by a non-zero length associated with a NULL buffer, other buffer/length pairs are updated to ensure that they too are always in sync. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
author: Matt Caswell <matt@openssl.org> 2021-03-18 16:52:10 +0000
committer: Matt Caswell <matt@openssl.org> 2021-03-25 09:48:08 +0000
commit: 39a140597d874e554b736885ac4dea16ac40a87a (patch)
tree: 4111ade117e62d5eb609109e6c47d7a866660046 /ssl/s3_lib.c
parent: 02b1636fe3db274497304a3e95a4e32ced7e841b (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 19ae6d9a28..f5b063319b 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4603,6 +4603,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
 
         OPENSSL_clear_free(s->s3.tmp.psk, psklen);
         s->s3.tmp.psk = NULL;
+        s->s3.tmp.psklen = 0;
         if (!s->method->ssl3_enc->generate_master_secret(s,
                     s->session->master_key, pskpms, pskpmslen,
                     &s->session->master_key_length)) {
@@ -4632,8 +4633,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
         else
             OPENSSL_cleanse(pms, pmslen);
     }
-    if (s->server == 0)
+    if (s->server == 0) {
         s->s3.tmp.pms = NULL;
+        s->s3.tmp.pmslen = 0;
+    }
     return ret;
 }
author	Matt Caswell <matt@openssl.org>	2021-03-18 16:52:10 +0000
committer	Matt Caswell <matt@openssl.org>	2021-03-25 09:48:08 +0000
commit	39a140597d874e554b736885ac4dea16ac40a87a (patch)
tree	4111ade117e62d5eb609109e6c47d7a866660046 /ssl/s3_lib.c
parent	02b1636fe3db274497304a3e95a4e32ced7e841b (diff)