ID 4. Possibility of method_tls class initialization list optimization from security audit fixed

2016-10-03 12:45:55 +02:00
parent c0b51f767c
commit b3d4e6b085
3 changed files with 62 additions and 20 deletions
--- a/lib/TLS/include/Method.h
+++ b/lib/TLS/include/Method.h
@@ -461,7 +461,7 @@ namespace eap
        winstd::crypt_hash m_hash_handshake_msgs_sha1;          ///< Running SHA-1 hash of handshake messages
        winstd::crypt_hash m_hash_handshake_msgs_sha256;        ///< Running SHA-256 hash of handshake messages

-        bool m_handshake[tls_handshake_type_max];               ///< Handshake flags (map od handshake messages received)
+        tls_handshake_flags m_handshake;                        ///< Handshake flags (map od handshake messages received)

        enum {
            phase_unknown = -1,                                 ///< Unknown phase
--- a/lib/TLS/include/TLS.h
+++ b/lib/TLS/include/TLS.h
@@ -96,12 +96,19 @@ namespace eap
    /// EAP-TLS packet
    ///
    class packet_tls;
+
+    ///
+    /// TLS map of handshake messages received
+    ///
+    class tls_handshake_flags;
 }

 #pragma once

 #include <memory>

+#include <assert.h>
+

 namespace eap
 {
@@ -615,4 +622,50 @@ namespace eap
    public:
        unsigned char m_flags;  ///< Packet flags
    };
+
+
+    class tls_handshake_flags
+    {
+    public:
+        ///
+        /// Constructs an empty set of flags
+        ///
+        inline tls_handshake_flags()
+        {
+            memset(m_flags, 0, sizeof(m_flags));
+        }
+
+        ///
+        /// Empty set of flags
+        ///
+        inline void clear()
+        {
+            memset(m_flags, 0, sizeof(m_flags));
+        }
+
+        ///
+        /// Set particular flag
+        ///
+        /// \param[in] type  TLS handshake message to set its flag
+        ///
+        inline void set(_In_ tls_handshake_type_t type)
+        {
+            assert(tls_handshake_type_min <= type && type < tls_handshake_type_max);
+            m_flags[type] = true;
+        }
+
+        ///
+        /// Get particular flag
+        ///
+        /// \param[in] type  TLS handshake message to get its flag
+        ///
+        inline bool operator[](_In_ tls_handshake_type_t type) const
+        {
+            assert(tls_handshake_type_min <= type && type < tls_handshake_type_max);
+            return m_flags[type];
+        }
+
+    protected:
+        bool m_flags[tls_handshake_type_max];   ///< Set of flags
+    };
 }