wolfSSL Session Resumption Denial Of Service

# wolfSSL before 5.5.0: Denial-of-service with session resumption=================================================================## INFO=======The CVE project has assigned the id CVE-2022-38152 to this issue.Severity: 7.5 HIGHAffected version: before 5.5.0End of embargo: Ended August 30, 2022## SUMMARY==========When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called onits session, the server crashes with a segmentation fault. The bug occurs aftera client performs a handshake against a wolfSSL server and then closes theconnection. If the server reuses the previous session structure (struct WOLFSSL)by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello,which resumes the previous session, crashes the server. Note, that this bug onlyexists in resumed handshakes using TLS session resumption. This bug wasdiscovered using the novel symbolic-model-guided fuzzer tlspuffin.## DETAILS==========Line numbers below are valid for the wolfSSL Git tag v5.4.0-stable. Thevulnerability is exploitable with default compilation flags. If the --enable-postauth flag is used, then this bug is no longer exploitable. Whencreating a new TLS session (represented by a struct WOLFSSL), a struct calledarrays is allocated in internal.c:6652.```int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup){    ...    ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,DYNAMIC_TYPE_ARRAYS);    ...}```Note that this function is only called when creating a new session structureusing wolfSSL_new. After a handshake is done, resources related to it are freedby default using the FreeHandshakeResources function in line ssl.c:3735. Thisfrees the memory behind ssl->arrays and sets the pointer to NULL.```void FreeHandshakeResources(WOLFSSL* ssl){    ...    if (!ssl->options.tls1_3)        FreeArrays(ssl)    ...}void FreeArrays(WOLFSSL* ssl){...    ssl->arrays = NULL;}```If the compile flag --enable-postauth is not set, the variable options.tls1_3 isfalse, and therefore the arrays are freed. If --enable-postauth is set, then thearrays are not freed. The above code is executed during the handshake of a freshsession. Users of wolfSSL might not allocate a new session by usingwolfSSL_new(), but reuse a previous struct WOLFSSL. This can be done by callingwolfSSL_clear(WOLFSSL* ssl) on the previous session and reusing the struct. Thenext abbreviated handshake, which resumes the previous connection, will nowcause a segmentation fault in tls13.c:5296.  The segmentation fault occursbecause the arrays pointer still points to NULL as InitSSL is not called beforethe Client Hello is handled.## AFFECTED VERSIONS====================wolfSSL 5.3.0 and 5.4.0 are affected The server needs to handle sessions in anon-default way by using wolfSSL_clear## SUGGESTED REMEDIATION========================After a session has been cleared and is reused for the next client, it should bereinitialized.