Merge pull request #7096 from julek-wolfssl/zd/17219

Add fencing to ClientSessionToSession()
2025-08-01 03:34:39 +02:00 · 2024-01-05 07:24:00 +10:00
parent a8c94cf22b 0e1573accc
commit 9e468a900b
2 changed files with 30 additions and 0 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -14461,6 +14461,9 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
            WOLFSSL_MSG("Client cache serverRow or serverIdx invalid");
            error = -1;
        }
+        /* Prevent memory access before clientSession->serverRow and
+         * clientSession->serverIdx are sanitized. */
+        XFENCE();
        if (error == 0) {
            /* Lock row */
            sessRow = &SessionCache[clientSession->serverRow];
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -1180,6 +1180,33 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
    #endif
 #endif

+#ifdef WOLF_C99
+    /* use alternate keyword for compatibility with -std=c99 */
+    #define XASM_VOLATILE(a) __asm__ volatile(a)
+#elif defined(__IAR_SYSTEMS_ICC__)
+    #define XASM_VOLATILE(a) asm volatile(a)
+#elif defined(__KEIL__)
+    #define XASM_VOLATILE(a) __asm volatile(a)
+#else
+    #define XASM_VOLATILE(a) __asm__ __volatile__(a)
+#endif
+
+#ifndef WOLFSSL_NO_FENCE
+    #if defined (__i386__) || defined(__x86_64__)
+        #define XFENCE() XASM_VOLATILE("lfence")
+    #elif defined (__arm__) || defined(__aarch64__)
+        #define XFENCE() XASM_VOLATILE("isb")
+    #elif defined(__riscv)
+        #define XFENCE() XASM_VOLATILE("fence")
+    #elif defined(__PPC__)
+        #define XFENCE() XASM_VOLATILE("isync; sync")
+    #else
+        #define XFENCE() do{}while(0)
+    #endif
+#else
+    #define XFENCE() do{}while(0)
+#endif
+

    /* AFTER user_settings.h is loaded,
    ** determine if POSIX multi-threaded: HAVE_PTHREAD  */