summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Brown2018-03-23 12:07:29 +0100
committerMichael Brown2018-03-23 12:07:29 +0100
commitac4fbd47aea136185e17975bd68c268bf0cc081e (patch)
tree8ea416300c55842cb0fa4b43ea34743b99fb6be5
parent[util] Support reversed sort ordering when generating NIC list (diff)
downloadipxe-ac4fbd47aea136185e17975bd68c268bf0cc081e.tar.gz
ipxe-ac4fbd47aea136185e17975bd68c268bf0cc081e.tar.xz
ipxe-ac4fbd47aea136185e17975bd68c268bf0cc081e.zip
[tls] Ensure received data list is initialised before calling tls_free()
A failure in tls_generate_random() will result in a call to ref_put() before the received data list has been initialised, which will cause free_tls() to attempt to traverse an uninitialised list. Fix by ensuring that all fields referenced by free_tls() are initialised before any of the potential failure paths. Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r--src/net/tls.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/net/tls.c b/src/net/tls.c
index b197c111..329c6fe0 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -2788,6 +2788,9 @@ int add_tls ( struct interface *xfer, const char *name,
tls_clear_cipher ( tls, &tls->rx_cipherspec );
tls_clear_cipher ( tls, &tls->rx_cipherspec_pending );
tls->client_random.gmt_unix_time = time ( NULL );
+ iob_populate ( &tls->rx_header_iobuf, &tls->rx_header, 0,
+ sizeof ( tls->rx_header ) );
+ INIT_LIST_HEAD ( &tls->rx_data );
if ( ( rc = tls_generate_random ( tls, &tls->client_random.random,
( sizeof ( tls->client_random.random ) ) ) ) != 0 ) {
goto err_random;
@@ -2797,9 +2800,6 @@ int add_tls ( struct interface *xfer, const char *name,
( sizeof ( tls->pre_master_secret.random ) ) ) ) != 0 ) {
goto err_random;
}
- iob_populate ( &tls->rx_header_iobuf, &tls->rx_header, 0,
- sizeof ( tls->rx_header ) );
- INIT_LIST_HEAD ( &tls->rx_data );
/* Start negotiation */
tls_restart ( tls );