From 35c9f1825a735737088e50d06fc70a4e85b0ead0 Mon Sep 17 00:00:00 2001 From: James Mayclin Date: Wed, 10 Jan 2024 14:56:02 -0800 Subject: [PATCH] fix: stack-use-after-scope variable ordering (#4355) Co-authored-by: Lindsay Stewart --- tls/s2n_ktls_io.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tls/s2n_ktls_io.c b/tls/s2n_ktls_io.c index a1fd655bc9c..34a1de6f02d 100644 --- a/tls/s2n_ktls_io.c +++ b/tls/s2n_ktls_io.c @@ -423,8 +423,9 @@ ssize_t s2n_ktls_sendv_with_offset(struct s2n_connection *conn, const struct iov POSIX_GUARD_RESULT(s2n_sendv_with_offset_total_size(bufs, count_in, offs_in, &total_bytes)); POSIX_GUARD_RESULT(s2n_ktls_check_estimated_record_limit(conn, total_bytes)); - DEFER_CLEANUP(struct s2n_blob new_bufs = { 0 }, s2n_free_or_wipe); + /* The order of new_bufs and new_bufs_mem matters. See https://github.com/aws/s2n-tls/issues/4354 */ uint8_t new_bufs_mem[S2N_MAX_STACK_IOVECS_MEM] = { 0 }; + DEFER_CLEANUP(struct s2n_blob new_bufs = { 0 }, s2n_free_or_wipe); POSIX_GUARD(s2n_blob_init(&new_bufs, new_bufs_mem, sizeof(new_bufs_mem))); if (offs > 0) { POSIX_GUARD_RESULT(s2n_ktls_update_bufs_with_offset(&bufs, &count, offs, &new_bufs));