Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for zero length and NULL buffer pointer. #222

Merged
merged 1 commit into from
Sep 5, 2019
Merged

Check for zero length and NULL buffer pointer. #222

merged 1 commit into from
Sep 5, 2019

Conversation

jainvikas8
Copy link
Contributor

@jainvikas8 jainvikas8 commented Aug 15, 2019
edited by gilles-peskine-arm
Loading

In reference to issue #49

Backport to 2.16: Mbed-TLS/mbedtls#2793

After analysis this turned out not to be applicable to 2.7.

This was referenced Aug 15, 2019
Merged
Closed
@Patater
Copy link
Contributor

Patater commented Aug 16, 2019

Should this have a ChangeLog entry, like Mbed-TLS/mbedtls@e5c9e79 ?

@Patater
Copy link
Contributor

Patater commented Aug 16, 2019

Should this have a ChangeLog entry, like ARMmbed/mbedtls@e5c9e79 ?

Nevermind, this is to Mbed Crypto which doesn't have a Changelog. Misread it as going to Mbed TLS.

RonEld
RonEld previously approved these changes Aug 22, 2019
View reviewed changes
@Patater
Copy link
Contributor

Patater commented Aug 29, 2019

Will merge at same time as Mbed-TLS/mbedtls#2793 and Mbed-TLS/mbedtls#2794

@athoelke
Copy link
Contributor

Surely if buf == NULL and len > 0 there is a serious programming error somewhere? This change silently ignores the problem and carries on. Is that an appropriate option for a security service?

Patater
Patater suggested changes Sep 3, 2019
View reviewed changes
library/platform_util.c Outdated
@@ -72,7 +72,8 @@ static void * (* const volatile memset_func)( void *, int, size_t ) = memset;

void mbedtls_platform_zeroize( void *buf, size_t len )
{
memset_func( buf, 0, len );
if ( buf != NULL && len > 0 )
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given the discussion in #239 (comment), we should probably change this check to just if ( len > 0 ) and avoid the NULL check. This will allow static analyzers to see that buf is not allowed to be NULL for this function (and, as a very small bonus, we can save a tiny amount of code space).

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PSA and mbedtls APIs work differently here. In PSA Crypto, a null pointer dereference is supposed to invoke the platform's equivalent of a segmentation fault. In mbedtls, in low-level modules, a null pointer dereference is supposed to invoke MBEDTLS_PARAM_FAILED if MBEDTLS_CHECK_PARAMS is enabled (and segfaults otherwise), and many high-level modules (e.g. md, cipher and pk) return an error code on null pointers.

Here, I think the correct behavior is

MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL );
if( len > 0 )
    memset_func( buf, 0, len );

@jainvikas8
Copy link
Contributor Author

Forced push to accommodate reviewer change request.

Patater
Patater suggested changes Sep 4, 2019
View reviewed changes
Copy link
Contributor

@Patater Patater left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remove trailing whitespace from the commit that added it, so that no trailing whitespace is ever added in the git log.

gilles-peskine-arm
gilles-peskine-arm reviewed Sep 4, 2019
View reviewed changes
library/platform_util.c Outdated
memset_func( buf, 0, len );
MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL );

if ( len > 0 )
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style:

Suggested change
if ( len > 0 )
if( len > 0 )

@jainvikas8
Copy link
Contributor Author

Forced push to correct style and trailing whitespaces.

@gilles-peskine-arm gilles-peskine-arm added bug Something isn't working needs: backports Needs backports to Mbed TLS branches labels Sep 4, 2019
@Patater Patater removed the needs: backports Needs backports to Mbed TLS branches label Sep 5, 2019
@Patater Patater merged commit 595643c into ARMmbed:development Sep 5, 2019
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Nov 21, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Patater Patater Patater approved these changes

@gilles-peskine-arm gilles-peskine-arm gilles-peskine-arm approved these changes

@RonEld RonEld RonEld left review comments

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jainvikas8 @Patater @athoelke @RonEld @gilles-peskine-arm