diff options
| author | Michael Brown | 2018-03-23 12:07:29 +0100 |
|---|---|---|
| committer | Michael Brown | 2018-03-23 12:07:29 +0100 |
| commit | ac4fbd47aea136185e17975bd68c268bf0cc081e (patch) | |
| tree | 8ea416300c55842cb0fa4b43ea34743b99fb6be5 | |
| parent | [util] Support reversed sort ordering when generating NIC list (diff) | |
| download | ipxe-ac4fbd47aea136185e17975bd68c268bf0cc081e.tar.gz ipxe-ac4fbd47aea136185e17975bd68c268bf0cc081e.tar.xz ipxe-ac4fbd47aea136185e17975bd68c268bf0cc081e.zip | |
[tls] Ensure received data list is initialised before calling tls_free()
A failure in tls_generate_random() will result in a call to ref_put()
before the received data list has been initialised, which will cause
free_tls() to attempt to traverse an uninitialised list.
Fix by ensuring that all fields referenced by free_tls() are
initialised before any of the potential failure paths.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/net/tls.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/net/tls.c b/src/net/tls.c index b197c111..329c6fe0 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -2788,6 +2788,9 @@ int add_tls ( struct interface *xfer, const char *name, tls_clear_cipher ( tls, &tls->rx_cipherspec ); tls_clear_cipher ( tls, &tls->rx_cipherspec_pending ); tls->client_random.gmt_unix_time = time ( NULL ); + iob_populate ( &tls->rx_header_iobuf, &tls->rx_header, 0, + sizeof ( tls->rx_header ) ); + INIT_LIST_HEAD ( &tls->rx_data ); if ( ( rc = tls_generate_random ( tls, &tls->client_random.random, ( sizeof ( tls->client_random.random ) ) ) ) != 0 ) { goto err_random; @@ -2797,9 +2800,6 @@ int add_tls ( struct interface *xfer, const char *name, ( sizeof ( tls->pre_master_secret.random ) ) ) ) != 0 ) { goto err_random; } - iob_populate ( &tls->rx_header_iobuf, &tls->rx_header, 0, - sizeof ( tls->rx_header ) ); - INIT_LIST_HEAD ( &tls->rx_data ); /* Start negotiation */ tls_restart ( tls ); |