Merge pull request #7096 from julek-wolfssl/zd/17219

SparkiDev · web-flow · commit 9e468a900bda · 2024-01-05T07:24:00.000+10:00
Add fencing to ClientSessionToSession()
diff --git a/src/ssl.c b/src/ssl.c
@@ -14461,6 +14461,9 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session)
             WOLFSSL_MSG("Client cache serverRow or serverIdx invalid");
             error = -1;
         }
+        /* Prevent memory access before clientSession->serverRow and
+         * clientSession->serverIdx are sanitized. */
+        XFENCE();
         if (error == 0) {
             /* Lock row */
             sessRow = &SessionCache[clientSession->serverRow];
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
@@ -1180,6 +1180,33 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #endif
 #endif
 
+#ifdef WOLF_C99
+    /* use alternate keyword for compatibility with -std=c99 */
+    #define XASM_VOLATILE(a) __asm__ volatile(a)
+#elif defined(__IAR_SYSTEMS_ICC__)
+    #define XASM_VOLATILE(a) asm volatile(a)
+#elif defined(__KEIL__)
+    #define XASM_VOLATILE(a) __asm volatile(a)
+#else
+    #define XASM_VOLATILE(a) __asm__ __volatile__(a)
+#endif
+
+#ifndef WOLFSSL_NO_FENCE
+    #if defined (__i386__) || defined(__x86_64__)
+        #define XFENCE() XASM_VOLATILE("lfence")
+    #elif defined (__arm__) || defined(__aarch64__)
+        #define XFENCE() XASM_VOLATILE("isb")
+    #elif defined(__riscv)
+        #define XFENCE() XASM_VOLATILE("fence")
+    #elif defined(__PPC__)
+        #define XFENCE() XASM_VOLATILE("isync; sync")
+    #else
+        #define XFENCE() do{}while(0)
+    #endif
+#else
+    #define XFENCE() do{}while(0)
+#endif
+
 
     /* AFTER user_settings.h is loaded,
     ** determine if POSIX multi-threaded: HAVE_PTHREAD  */
