narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[tls] Ensure received data list is initialised before calling tls_free() 

A failure in tls_generate_random() will result in a call to ref_put()
before the received data list has been initialised, which will cause
free_tls() to attempt to traverse an uninitialised list.

Fix by ensuring that all fields referenced by free_tls() are
initialised before any of the potential failure paths.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/71/head
Michael Brown 2018-03-23 11:07:29 +00:00
parent eda9f4db61
commit ac4fbd47ae
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/net/tls.c
View File

@ -2788,6 +2788,9 @@ int add_tls ( struct interface *xfer, const char *name,
tls_clear_cipher ( tls, &tls->rx_cipherspec ); tls_clear_cipher ( tls, &tls->rx_cipherspec );
tls_clear_cipher ( tls, &tls->rx_cipherspec_pending ); tls_clear_cipher ( tls, &tls->rx_cipherspec_pending );
tls->client_random.gmt_unix_time = time ( NULL ); tls->client_random.gmt_unix_time = time ( NULL );
iob_populate ( &tls->rx_header_iobuf, &tls->rx_header, 0,
sizeof ( tls->rx_header ) );
INIT_LIST_HEAD ( &tls->rx_data );
if ( ( rc = tls_generate_random ( tls, &tls->client_random.random, if ( ( rc = tls_generate_random ( tls, &tls->client_random.random,
( sizeof ( tls->client_random.random ) ) ) ) != 0 ) { ( sizeof ( tls->client_random.random ) ) ) ) != 0 ) {
goto err_random; goto err_random;
@ -2797,9 +2800,6 @@ int add_tls ( struct interface *xfer, const char *name,
( sizeof ( tls->pre_master_secret.random ) ) ) ) != 0 ) { ( sizeof ( tls->pre_master_secret.random ) ) ) ) != 0 ) {
goto err_random; goto err_random;
} }
iob_populate ( &tls->rx_header_iobuf, &tls->rx_header, 0,
sizeof ( tls->rx_header ) );
INIT_LIST_HEAD ( &tls->rx_data );
/* Start negotiation */ /* Start negotiation */
tls_restart ( tls ); tls_restart ( tls );