Fix potential memory leak in SHA Copy and zero-initialize temp GetHash contexts; zero HMAC dst hash before copy to prevent shared pointers

This commit is contained in:
night1rider
2026-02-24 14:48:28 -07:00
parent 6c8c3235dd
commit 58a6158c4e
4 changed files with 21 additions and 32 deletions
+5
View File
@@ -331,6 +331,11 @@ int wc_HmacCopy(Hmac* src, Hmac* dst) {
XMEMCPY(dst, src, sizeof(*dst));
/* Zero hash context after shallow copy to prevent shared sub-pointers
* (e.g., msg, W buffers) with src. The hash Copy function will perform
* the proper deep copy. */
XMEMSET(&dst->hash, 0, sizeof(wc_HmacHash));
ret = HmacKeyCopyHash(src->macType, &src->hash, &dst->hash);
if (ret != 0)
+4
View File
@@ -1172,6 +1172,10 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
ret = 0; /* Reset ret to 0 to avoid returning the callback error code */
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */
/* Free dst resources before copy to prevent memory leaks (e.g., msg
* buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */
wc_ShaFree(dst);
XMEMCPY(dst, src, sizeof(wc_Sha));
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3)
+6 -16
View File
@@ -2582,14 +2582,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
ret = 0; /* Reset ret to 0 to avoid returning the callback error code */
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */
/* Free dst's msg buffer before copy to prevent potential memory leak
* when XMEMCPY overwrites dst with src's pointers. */
#if defined(WOLFSSL_HASH_KEEP)
if (dst->msg != NULL) {
XFREE(dst->msg, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
dst->msg = NULL;
}
#endif
/* Free dst resources before copy to prevent memory leaks (e.g., msg
* buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */
wc_Sha224Free(dst);
XMEMCPY(dst, src, sizeof(wc_Sha224));
@@ -2737,14 +2732,9 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
ret = 0; /* Reset ret to 0 to avoid returning the callback error code */
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */
/* Free dst's msg buffer before copy to prevent potential memory leak
* when XMEMCPY overwrites dst with src's pointers. */
#if defined(WOLFSSL_HASH_KEEP)
if (dst->msg != NULL) {
XFREE(dst->msg, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
dst->msg = NULL;
}
#endif
/* Free dst resources before copy to prevent memory leaks (e.g., msg
* buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */
wc_Sha256Free(dst);
XMEMCPY(dst, src, sizeof(wc_Sha256));
+6 -16
View File
@@ -2249,14 +2249,9 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
ret = 0; /* Reset ret to 0 to avoid returning the callback error code */
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */
/* Free dst's msg buffer before copy to prevent potential memory leak
* when XMEMCPY overwrites dst with src's pointers. */
#if defined(WOLFSSL_HASH_KEEP)
if (dst->msg != NULL) {
XFREE(dst->msg, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
dst->msg = NULL;
}
#endif
/* Free dst resources before copy to prevent memory leaks (e.g., msg
* buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */
wc_Sha512Free(dst);
XMEMCPY(dst, src, sizeof(wc_Sha512));
#ifdef WOLFSSL_SMALL_STACK_CACHE
@@ -2696,14 +2691,9 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
ret = 0; /* Reset ret to 0 to avoid returning the callback error code */
#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */
/* Free dst's msg buffer before copy to prevent potential memory leak
* when XMEMCPY overwrites dst with src's pointers. */
#if defined(WOLFSSL_HASH_KEEP)
if (dst->msg != NULL) {
XFREE(dst->msg, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
dst->msg = NULL;
}
#endif
/* Free dst resources before copy to prevent memory leaks (e.g., msg
* buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */
wc_Sha384Free(dst);
XMEMCPY(dst, src, sizeof(wc_Sha384));