Skip to content

Check for zero length and NULL buffer pointer. #222

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 5, 2019
Merged

Check for zero length and NULL buffer pointer. #222

merged 1 commit into from
Sep 5, 2019

Conversation

@jainvikas8
Copy link
Contributor

@jainvikas8 jainvikas8 commented Aug 15, 2019
edited by gilles-peskine-arm
Loading

In reference to issue #49

Backport to 2.16: Mbed-TLS/mbedtls#2793

After analysis this turned out not to be applicable to 2.7.

This was referenced Aug 15, 2019
Merged
Closed
@Patater
Copy link
Contributor

Patater commented Aug 16, 2019

Should this have a ChangeLog entry, like Mbed-TLS/mbedtls@e5c9e79 ?

@Patater
Copy link
Contributor

Patater commented Aug 16, 2019

Should this have a ChangeLog entry, like ARMmbed/mbedtls@e5c9e79 ?

Nevermind, this is to Mbed Crypto which doesn't have a Changelog. Misread it as going to Mbed TLS.

RonEld
RonEld previously approved these changes Aug 22, 2019
View reviewed changes
@Patater
Copy link
Contributor

Patater commented Aug 29, 2019

Will merge at same time as Mbed-TLS/mbedtls#2793 and Mbed-TLS/mbedtls#2794

@athoelke
Copy link
Contributor

athoelke commented Aug 29, 2019

Surely if buf == NULL and len > 0 there is a serious programming error somewhere? This change silently ignores the problem and carries on. Is that an appropriate option for a security service?

Patater
Patater suggested changes Sep 3, 2019
View reviewed changes
library/platform_util.c Outdated
void mbedtls_platform_zeroize( void *buf, size_t len )
{
memset_func( buf, 0, len );
if ( buf != NULL && len > 0 )
Copy link
Contributor

@Patater Patater Sep 3, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given the discussion in #239 (comment), we should probably change this check to just if ( len > 0 ) and avoid the NULL check. This will allow static analyzers to see that buf is not allowed to be NULL for this function (and, as a very small bonus, we can save a tiny amount of code space).

Copy link
Collaborator

@gilles-peskine-arm gilles-peskine-arm Sep 3, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PSA and mbedtls APIs work differently here. In PSA Crypto, a null pointer dereference is supposed to invoke the platform's equivalent of a segmentation fault. In mbedtls, in low-level modules, a null pointer dereference is supposed to invoke MBEDTLS_PARAM_FAILED if MBEDTLS_CHECK_PARAMS is enabled (and segfaults otherwise), and many high-level modules (e.g. md, cipher and pk) return an error code on null pointers.

Here, I think the correct behavior is

MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL );
if( len > 0 )
    memset_func( buf, 0, len );

@jainvikas8
Copy link
Contributor Author

jainvikas8 commented Sep 4, 2019

Forced push to accommodate reviewer change request.

Patater
Patater suggested changes Sep 4, 2019
View reviewed changes
Copy link
Contributor

@Patater Patater left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remove trailing whitespace from the commit that added it, so that no trailing whitespace is ever added in the git log.

gilles-peskine-arm
gilles-peskine-arm reviewed Sep 4, 2019
View reviewed changes
library/platform_util.c Outdated
memset_func( buf, 0, len );
MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL );

if ( len > 0 )
Copy link
Collaborator

@gilles-peskine-arm gilles-peskine-arm Sep 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style:

Suggested change
if ( len > 0 )
if( len > 0 )

@jainvikas8
Copy link
Contributor Author

jainvikas8 commented Sep 4, 2019

Forced push to correct style and trailing whitespaces.

@gilles-peskine-arm gilles-peskine-arm added bug Something isn't working needs: backports Needs backports to Mbed TLS branches labels Sep 4, 2019
@Patater Patater removed the needs: backports Needs backports to Mbed TLS branches label Sep 5, 2019
@Patater Patater merged commit 595643c into ARMmbed:development Sep 5, 2019
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Nov 21, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gilles-peskine-arm gilles-peskine-arm gilles-peskine-arm approved these changes

+2 more reviewers

@Patater Patater Patater approved these changes

@RonEld RonEld RonEld left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jainvikas8 @Patater @athoelke @RonEld @gilles-peskine-arm