Hardening in TLSX_KeyShare_ProcessPqcHybridClient

This commit is contained in:
Eric Blankenhorn
2026-04-27 14:43:43 -05:00
parent 3181e2bcf8
commit e37118bdfb
3 changed files with 114 additions and 5 deletions
+14 -5
View File
@@ -10222,15 +10222,24 @@ static int TLSX_KeyShare_ProcessPqcHybridClient(WOLFSSL* ssl,
ecc_kse->key = NULL;
pqc_kse->privKey = NULL;
}
else
#endif
{
/* Re-sync keyShareEntry->key with ecc_kse->key. ecc_kse->key was
* aliased to keyShareEntry->key above. The inner Process*_ex
* either ran its end-of-function cleanup and set ecc_kse->key
* to NULL (so the outer pointer must also become NULL to avoid
* UAF/double-free in TLSX_KeyShare_FreeAll), or returned early
* before cleanup with ecc_kse->key still pointing at the live
* key (so the outer pointer must keep that pointer for later
* freeing). Mirroring whatever the inner left in ecc_kse->key
* handles both cases correctly. */
keyShareEntry->key = ecc_kse->key;
}
}
if (ret == 0) {
keyShareEntry->key = ecc_kse->key;
ecc_kse->key = NULL;
if ((ret == 0) &&
((ssl->arrays->preMasterSz + ssSzPqc) > ENCRYPT_LEN)) {
if ((ssl->arrays->preMasterSz + ssSzPqc) > ENCRYPT_LEN) {
WOLFSSL_MSG("shared secret is too long.");
ret = LENGTH_ERROR;
}