mbedtls: Update to upstream version 2.16.9

author: Rémi Verschelde <rverschelde@gmail.com> 2020-12-18 21:22:37 +0100
committer: Rémi Verschelde <rverschelde@gmail.com> 2020-12-18 21:43:21 +0100
commit: 2872006039f77748479a2feeb3a8dcf5a0bc9d90 (patch)
tree: ef5d082b00fd6c27d608aec0ac2989d6a1da612f /thirdparty/mbedtls/library/ssl_srv.c
parent: 7ad29ed64e850fd43ba7ceb1cfaab4e015ef7b97 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/thirdparty/mbedtls/library/ssl_srv.c b/thirdparty/mbedtls/library/ssl_srv.c
index 97b778452c..cbf6142ac2 100644
--- a/thirdparty/mbedtls/library/ssl_srv.c
+++ b/thirdparty/mbedtls/library/ssl_srv.c
@@ -3587,11 +3587,12 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
     /* In case of a failure in decryption, the decryption may write less than
      * 2 bytes of output, but we always read the first two bytes. It doesn't
      * matter in the end because diff will be nonzero in that case due to
-     * peer_pmslen being less than 48, and we only care whether diff is 0.
-     * But do initialize peer_pms for robustness anyway. This also makes
-     * memory analyzers happy (don't access uninitialized memory, even
-     * if it's an unsigned char). */
+     * ret being nonzero, and we only care whether diff is 0.
+     * But do initialize peer_pms and peer_pmslen for robustness anyway. This
+     * also makes memory analyzers happy (don't access uninitialized memory,
+     * even if it's an unsigned char). */
     peer_pms[0] = peer_pms[1] = ~0;
+    peer_pmslen = 0;
 
     ret = ssl_decrypt_encrypted_pms( ssl, p, end,
                                      peer_pms,
author	Rémi Verschelde <rverschelde@gmail.com>	2020-12-18 21:22:37 +0100
committer	Rémi Verschelde <rverschelde@gmail.com>	2020-12-18 21:43:21 +0100
commit	2872006039f77748479a2feeb3a8dcf5a0bc9d90 (patch)
tree	ef5d082b00fd6c27d608aec0ac2989d6a1da612f /thirdparty/mbedtls/library/ssl_srv.c
parent	7ad29ed64e850fd43ba7ceb1cfaab4e015ef7b97 (diff)