Skip to content

fix: zero-init RNG DMA response struct#446

Open
MarkAtwood wants to merge 1 commit into
wolfSSL:mainfrom
MarkAtwood:fix/rngdma-uninit-response
Open

fix: zero-init RNG DMA response struct#446
MarkAtwood wants to merge 1 commit into
wolfSSL:mainfrom
MarkAtwood:fix/rngdma-uninit-response

Conversation

@MarkAtwood

Copy link
Copy Markdown

Bug

_HandleRngDma in src/wh_server_crypto.c declares its response struct whMessageCrypto_RngDmaResponse res; without initialization. That type is composed entirely of a 16-byte dmaAddrStatus.badAddr field, which is written only on the two WH_ERROR_ACCESS DMA-bounds-check branches. On the success path (and on any non-ACCESS error from wc_RNG_GenerateBlock) nothing in res is written, yet the full struct is unconditionally translated via wh_MessageCrypto_TranslateRngDmaResponse and *outSize = sizeof(res) (16 bytes) is returned to the client. Result: 16 bytes of indeterminate server stack are disclosed to the client on every successful RNG-DMA call.

Fix

Zero-initialize the response struct at declaration: whMessageCrypto_RngDmaResponse res = {0};. One line, self-contained; eliminates the indeterminate-stack disclosure on the success and non-ACCESS-error paths.

Verification

Reproduced against master HEAD. Compiled the translation unit with the live config (-DWOLFHSM_CFG -DWOLFHSM_CFG_DMA, WC_NO_RNG undefined) against a wolfSSL --enable-all install — clean before and after the fix (gcc -Wall -Wextra, exit 0). The handler is live: guarded by #ifdef WOLFHSM_CFG_DMA + #ifndef WC_NO_RNG, which is the config a real posix server build uses.

Reported by static analysis (Fenrir finding 464).

Copilot AI review requested due to automatic review settings July 9, 2026 23:47

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot couldn't run its full agentic review because no GitHub Actions runner was available. Make sure your repository has a runner available to run Copilot's review, or add a copilot-setup-steps.yml file specifying one with the runs-on attribute. See the docs for more details.

Fixes an information disclosure bug in the RNG-DMA handler by ensuring the response struct is initialized before being serialized back to the client.

Changes:

  • Zero-initialize whMessageCrypto_RngDmaResponse res in _HandleRngDma to prevent leaking uninitialized stack data in responses.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/wh_server_crypto.c
int ret = 0;
whMessageCrypto_RngDmaRequest req;
whMessageCrypto_RngDmaResponse res;
whMessageCrypto_RngDmaResponse res = {0};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants