Null pointer usage in ssl_tls.c in a non-default config #3998

Closed
AndrzejKurek opened this issue Jan 11, 2021 · 1 comment · Fixed by #4989

AndrzejKurek commented Jan 11, 2021

When not using MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS and MBEDTLS_DEBUG_C, but using the DTLS CID feature, a null pointer was accessed in line 917 of ssl_tls.c.
Fix available: see #3991 for details.

gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Apr 13, 2022
In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of
MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C,
DTLS handshakes using CID would crash due to a null pointer dereference.
Fix this. Fixes Mbed-TLS#3998.

Detected by running compat.sh in config-ccm-psk-dtls1_2.h.

Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm

2.28.x fix in #5730

gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Apr 13, 2022
The fix was in Mbed-TLS#4989.
We forgot to add a changelog entry.

Signed-off-by: Gilles Peskine <[email protected]>
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue Apr 13, 2022
component_test_CID_no_debug was added specifically to be a non-regression
test for Mbed-TLS#3998. Running compat.sh
in the newly introduced config-ccm-psk-dtls1_2.h is also a non-regression
test for that bug. Therefore component_test_CID_no_debug is redundant for
its primary purpose.

Of course every configuration is different, but the additional coverage from
component_test_CID_no_debug is minimal, unlike config-ccm-psk-dtls1_2.h
which is a plausible real-world configuration.

In mbedtls-2.28, component_test_CID_no_debug was never added, and running
the unit tests in that configuration does not trigger the Mbed-TLS#3998 bug, only
compat.sh does. So, rather than backport component_test_CID_no_debug to
2.28.2, I am removing it from 3.2.

Signed-off-by: Gilles Peskine <[email protected]>
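
A configuration audit for the macro combination described in this issue, as an added example that is not part of the original thread or of the Mbed TLS code base. The function names and sample headers are constructed, and a match only matters on releases that lack the fixes referenced above (#4989, #5730).

```python
import re

# Macro names come from the issue text; everything else here is illustrative.
CID = "MBEDTLS_SSL_DTLS_CONNECTION_ID"
MASKING = ("MBEDTLS_SSL_HW_RECORD_ACCEL", "MBEDTLS_SSL_EXPORT_KEYS",
           "MBEDTLS_DEBUG_C")

_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_DIRECTIVE = re.compile(r"^\s*#\s*(define|undef)\s+(\w+)")


def enabled_macros(header_text):
    """Return the macros left defined by a config header.

    Assumption: #if/#ifdef conditionals are ignored, so every #define or
    #undef outside a comment is treated as active, in file order.
    """
    enabled = set()
    for line in _BLOCK_COMMENT.sub("", header_text).splitlines():
        match = _DIRECTIVE.match(line.split("//", 1)[0])
        if not match:
            continue
        action, name = match.groups()
        if action == "define":
            enabled.add(name)
        else:
            enabled.discard(name)
    return enabled


def is_affected_config(header_text):
    """True if CID is on and none of the three masking options is."""
    macros = enabled_macros(header_text)
    return CID in macros and not any(m in macros for m in MASKING)


# Constructed sample headers (not copies of any real Mbed TLS config file).
SAMPLE_AFFECTED = """
#define MBEDTLS_SSL_PROTO_DTLS
#define MBEDTLS_SSL_DTLS_CONNECTION_ID
//#define MBEDTLS_DEBUG_C
/* #define MBEDTLS_SSL_EXPORT_KEYS */
"""
SAMPLE_MASKED = SAMPLE_AFFECTED + "#define MBEDTLS_DEBUG_C\n"

if __name__ == "__main__":
    for label, text in (("affected", SAMPLE_AFFECTED), ("masked", SAMPLE_MASKED)):
        print(label, is_affected_config(text))
```

Because the three other options hide the defect, a build with debugging enabled will not reproduce a crash that the same code shows in a stripped production configuration.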