feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Add fencing to ClientSessionToSession()

Browse Source 
Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized.

Fixes ZD17219

Co-authored-by: Daniele Lacamera <dan@danielinux.net>
This commit is contained in:
Juliusz Sosinowicz
2023-12-27 16:23:29 +01:00
parent b8392ef659
commit 4b21cf3efc
2 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/ssl.c
View File

@@ -14469,6 +14469,9 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
WOLFSSL_MSG("Client cache serverRow or serverIdx invalid"); WOLFSSL_MSG("Client cache serverRow or serverIdx invalid");
error = -1; error = -1;
} }
/* Prevent memory access before clientSession->serverRow and
* clientSession->serverIdx are sanitized. */
XFENCE();
if (error == 0) { if (error == 0) {
/* Lock row */ /* Lock row */
sessRow = &SessionCache[clientSession->serverRow]; sessRow = &SessionCache[clientSession->serverRow];

16
wolfssl/wolfcrypt/wc_port.h
View File

@@ -1180,6 +1180,22 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
#endif #endif
#endif #endif
#ifndef WOLFSSL_NO_FENCE
#if defined (__i386__) || defined(__x86_64__)
#define XFENCE() asm volatile("lfence")
#elif defined (__arm__) || defined(__aarch64__)
#define XFENCE() asm volatile("isb")
#elif defined(__riscv)
#define XFENCE() asm volatile("fence")
#elif defined(__PPC__)
#define XFENCE() asm volatile("isync; sync")
#else
#define XFENCE() do{}while(0)
#endif
#else
#define XFENCE() do{}while(0)
#endif
/* AFTER user_settings.h is loaded, /* AFTER user_settings.h is loaded,
** determine if POSIX multi-threaded: HAVE_PTHREAD */ ** determine if POSIX multi-threaded: HAVE_PTHREAD */