From c94b3e41ee1494c8e02b8248f8641efc87293637 Mon Sep 17 00:00:00 2001 From: Gabor Abonyi Date: Mon, 3 Feb 2020 13:47:42 +0100 Subject: [PATCH] Fix psa_key_management_operations At these locations, psa_key_attribute variables are used without initialisation. The function getting it (psa_get_key_attributes), is freeing attributes->domain_parameters, which can contain random address from the stack. Signed-off-by: Gabor Abonyi --- .../services/crypto/COMPONENT_SPE/psa_crypto_partition.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c index 08893ce7574..691dc17de0e 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c +++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c @@ -1822,7 +1822,7 @@ static void psa_key_management_operation(void) switch (psa_key_mng.func) { case PSA_GET_KEY_ATTRIBUTES: { - psa_key_attributes_t attributes; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_client_key_attributes_t client; if (!psa_crypto_access_control_is_handle_permitted(psa_key_mng.handle, @@ -1882,7 +1882,7 @@ static void psa_key_management_operation(void) case PSA_IMPORT_KEY: { size_t attributes_length = msg.in_size[1]; - psa_key_attributes_t attributes; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; size_t data_length = msg.in_size[2]; uint8_t *data = NULL; psa_key_handle_t handle;