Skip to content

Add refcounts on key, keyMask, altKey, altKeyMask to prevent UAF#10865

Closed
padelsbach wants to merge 5 commits into
wolfSSL:masterfrom
padelsbach:cert-alias-sni-uaf-pk
Closed

Add refcounts on key, keyMask, altKey, altKeyMask to prevent UAF#10865
padelsbach wants to merge 5 commits into
wolfSSL:masterfrom
padelsbach:cert-alias-sni-uaf-pk

Conversation

@padelsbach

@padelsbach padelsbach commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Description

This is a follow up to #10860. In this case, if the application replaces the private key file in the SNI callback (which frees and zeros the buffers) a subsequent sign operation would use stale or zeroed key.

This is a more impactful bug than in #10860. Fix is again to use refcounters on the fields.

Testing

Added unit test.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@padelsbach padelsbach force-pushed the cert-alias-sni-uaf-pk branch from ed5155d to f8b4412 Compare July 9, 2026 04:22
@padelsbach padelsbach force-pushed the cert-alias-sni-uaf-pk branch from f8b4412 to 160f72f Compare July 9, 2026 05:17
@padelsbach

padelsbach commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

jenkins retest this please

@padelsbach

Copy link
Copy Markdown
Contributor Author

Will redesign a solution to prevent/block this scenario rather than try to fix it. Closing this PR.

@padelsbach padelsbach closed this Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant