forked from wolfSSL/wolfssl
Add check to see if thread modified session in AddSession
This commit is contained in:
Nickolas Lapp
60
src/ssl.c
60
src/ssl.c
@@ -1271,14 +1271,12 @@ WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz)
|
|||||||
if (ssl->session.isDynamic) {
|
if (ssl->session.isDynamic) {
|
||||||
XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
|
XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
|
||||||
ssl->session.isDynamic = 0;
|
ssl->session.isDynamic = 0;
|
||||||
|
ssl->session.ticket = ssl->session.staticTicket;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->session.ticket = ssl->session.staticTicket;
|
|
||||||
ssl->session.ticketLen = (word16)bufSz;
|
|
||||||
XMEMCPY(ssl->session.ticket, buf, bufSz);
|
XMEMCPY(ssl->session.ticket, buf, bufSz);
|
||||||
} else { /* Ticket requires dynamic ticket storage */
|
} else { /* Ticket requires dynamic ticket storage */
|
||||||
/*Not big enough space, need to alloc */
|
if (ssl->session.ticketLen < bufSz) {
|
||||||
if (!(ssl->session.ticketLen >= bufSz)) {
|
|
||||||
if(ssl->session.isDynamic)
|
if(ssl->session.isDynamic)
|
||||||
XFREE(ssl->session.ticket, ssl->heap,
|
XFREE(ssl->session.ticket, ssl->heap,
|
||||||
DYNAMIC_TYPE_SESSION_TICK);
|
DYNAMIC_TYPE_SESSION_TICK);
|
||||||
@@ -7014,13 +7012,13 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
|
|||||||
if (masterSecret)
|
if (masterSecret)
|
||||||
XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN);
|
XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN);
|
||||||
#ifdef SESSION_CERTS
|
#ifdef SESSION_CERTS
|
||||||
/* If set, we should copy the session certs from the ssl object
|
/* If set, we should copy the session certs into the ssl object
|
||||||
* to the session we are returning so we can resume */
|
* from the session we are returning so we can resume */
|
||||||
if (restoreSessionCerts) {
|
if (restoreSessionCerts) {
|
||||||
ret->chain = ssl->session.chain;
|
ssl->session.chain = ret->chain;
|
||||||
ret->version = ssl->session.version;
|
ssl->session.version = ret->version;
|
||||||
ret->cipherSuite0 = ssl->session.cipherSuite0;
|
ssl->session.cipherSuite0 = ret->cipherSuite0;
|
||||||
ret->cipherSuite = ssl->session.cipherSuite;
|
ssl->session.cipherSuite = ret->cipherSuite;
|
||||||
}
|
}
|
||||||
#endif /* SESSION_CERTS */
|
#endif /* SESSION_CERTS */
|
||||||
|
|
||||||
@@ -7065,10 +7063,10 @@ int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
|
|||||||
copyInto->isDynamic = 0;
|
copyInto->isDynamic = 0;
|
||||||
}
|
}
|
||||||
/* Size of ticket to alloc if needed; Use later for alloc outside lock */
|
/* Size of ticket to alloc if needed; Use later for alloc outside lock */
|
||||||
if (copyFrom) {
|
if (copyFrom->isDynamic) {
|
||||||
doDynamicCopy = 1;
|
doDynamicCopy = 1;
|
||||||
ticketLen = copyFrom->ticketLen;
|
|
||||||
}
|
}
|
||||||
|
ticketLen = copyFrom->ticketLen;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
*copyInto = *copyFrom;
|
*copyInto = *copyFrom;
|
||||||
@@ -7091,7 +7089,7 @@ int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
|
|||||||
|
|
||||||
if (ticketLen != copyFrom->ticketLen) {
|
if (ticketLen != copyFrom->ticketLen) {
|
||||||
/* Another thread modified the ssl-> session ticket during alloc.
|
/* Another thread modified the ssl-> session ticket during alloc.
|
||||||
* Treat as error, as ticket different than when copy requested */
|
* Treat as error,si ticket different than when copy requested */
|
||||||
ret = VAR_STATE_CHANGE_E;
|
ret = VAR_STATE_CHANGE_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -7149,6 +7147,7 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
int error = 0;
|
int error = 0;
|
||||||
#ifdef HAVE_SESSION_TICKET
|
#ifdef HAVE_SESSION_TICKET
|
||||||
byte* tmpBuff = NULL;
|
byte* tmpBuff = NULL;
|
||||||
|
int ticLen = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (ssl->options.sessionCacheOff)
|
if (ssl->options.sessionCacheOff)
|
||||||
@@ -7169,9 +7168,10 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_SESSION_TICKET
|
#ifdef HAVE_SESSION_TICKET
|
||||||
|
ticLen = ssl->session.ticketLen;
|
||||||
/* Alloc Memory here so if Malloc fails can exit outside of lock */
|
/* Alloc Memory here so if Malloc fails can exit outside of lock */
|
||||||
if(ssl->session.ticketLen > SESSION_TICKET_LEN) {
|
if(ticLen > SESSION_TICKET_LEN) {
|
||||||
tmpBuff = XMALLOC(ssl->session.ticketLen, ssl->heap,
|
tmpBuff = XMALLOC(ticLen, ssl->heap,
|
||||||
DYNAMIC_TYPE_SESSION_TICK);
|
DYNAMIC_TYPE_SESSION_TICK);
|
||||||
if(!tmpBuff)
|
if(!tmpBuff)
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
@@ -7209,20 +7209,33 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
|
|
||||||
/* If too large to store in static buffer, use dyn buffer */
|
/* If too large to store in static buffer, use dyn buffer */
|
||||||
if (ssl->session.ticketLen > SESSION_TICKET_LEN) {
|
if (ssl->session.ticketLen > SESSION_TICKET_LEN) {
|
||||||
|
/* A different thread modified ssl's ticket since alloc */
|
||||||
|
if (ticLen != ssl->session.ticketLen) {
|
||||||
|
error = VAR_STATE_CHANGE_E;
|
||||||
|
} else {
|
||||||
SessionCache[row].Sessions[idx].ticket = tmpBuff;
|
SessionCache[row].Sessions[idx].ticket = tmpBuff;
|
||||||
SessionCache[row].Sessions[idx].isDynamic = 1;
|
SessionCache[row].Sessions[idx].isDynamic = 1;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
SessionCache[row].Sessions[idx].ticket =
|
SessionCache[row].Sessions[idx].ticket =
|
||||||
SessionCache[row].Sessions[idx].staticTicket;
|
SessionCache[row].Sessions[idx].staticTicket;
|
||||||
SessionCache[row].Sessions[idx].isDynamic = 0;
|
SessionCache[row].Sessions[idx].isDynamic = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (error == 0) {
|
||||||
SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen;
|
SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen;
|
||||||
XMEMCPY(SessionCache[row].Sessions[idx].ticket,
|
XMEMCPY(SessionCache[row].Sessions[idx].ticket,
|
||||||
ssl->session.ticket, ssl->session.ticketLen);
|
ssl->session.ticket, ssl->session.ticketLen);
|
||||||
|
} else {
|
||||||
|
SessionCache[row].Sessions[idx].ticket =
|
||||||
|
SessionCache[row].Sessions[idx].staticTicket;
|
||||||
|
SessionCache[row].Sessions[idx].isDynamic = 0;
|
||||||
|
SessionCache[row].Sessions[idx].ticketLen = 0;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef SESSION_CERTS
|
#ifdef SESSION_CERTS
|
||||||
|
if (error == 0) {
|
||||||
SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count;
|
SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count;
|
||||||
XMEMCPY(SessionCache[row].Sessions[idx].chain.certs,
|
XMEMCPY(SessionCache[row].Sessions[idx].chain.certs,
|
||||||
ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH);
|
ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH);
|
||||||
@@ -7230,21 +7243,23 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
SessionCache[row].Sessions[idx].version = ssl->version;
|
SessionCache[row].Sessions[idx].version = ssl->version;
|
||||||
SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0;
|
SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0;
|
||||||
SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite;
|
SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite;
|
||||||
|
}
|
||||||
#endif /* SESSION_CERTS */
|
#endif /* SESSION_CERTS */
|
||||||
|
if (error == 0) {
|
||||||
SessionCache[row].totalCount++;
|
SessionCache[row].totalCount++;
|
||||||
if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
|
if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
|
||||||
SessionCache[row].nextIdx = 0;
|
SessionCache[row].nextIdx = 0;
|
||||||
|
}
|
||||||
#ifndef NO_CLIENT_CACHE
|
#ifndef NO_CLIENT_CACHE
|
||||||
|
if (error == 0) {
|
||||||
if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->session.idLen) {
|
if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->session.idLen) {
|
||||||
word32 clientRow, clientIdx;
|
word32 clientRow, clientIdx;
|
||||||
|
|
||||||
WOLFSSL_MSG("Adding client cache entry");
|
WOLFSSL_MSG("Adding client cache entry");
|
||||||
|
|
||||||
SessionCache[row].Sessions[idx].idLen = ssl->session.idLen;
|
SessionCache[row].Sessions[idx].idLen = ssl->session.idLen;
|
||||||
XMEMCPY(SessionCache[row].Sessions[idx].serverID, ssl->session.serverID,
|
XMEMCPY(SessionCache[row].Sessions[idx].serverID,
|
||||||
ssl->session.idLen);
|
ssl->session.serverID, ssl->session.idLen);
|
||||||
|
|
||||||
clientRow = HashSession(ssl->session.serverID, ssl->session.idLen,
|
clientRow = HashSession(ssl->session.serverID, ssl->session.idLen,
|
||||||
&error) % SESSION_ROWS;
|
&error) % SESSION_ROWS;
|
||||||
@@ -7253,8 +7268,10 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
} else {
|
} else {
|
||||||
clientIdx = ClientCache[clientRow].nextIdx++;
|
clientIdx = ClientCache[clientRow].nextIdx++;
|
||||||
|
|
||||||
ClientCache[clientRow].Clients[clientIdx].serverRow = (word16)row;
|
ClientCache[clientRow].Clients[clientIdx].serverRow =
|
||||||
ClientCache[clientRow].Clients[clientIdx].serverIdx = (word16)idx;
|
(word16)row;
|
||||||
|
ClientCache[clientRow].Clients[clientIdx].serverIdx =
|
||||||
|
(word16)idx;
|
||||||
|
|
||||||
ClientCache[clientRow].totalCount++;
|
ClientCache[clientRow].totalCount++;
|
||||||
if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
|
if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
|
||||||
@@ -7263,6 +7280,7 @@ int AddSession(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
SessionCache[row].Sessions[idx].idLen = 0;
|
SessionCache[row].Sessions[idx].idLen = 0;
|
||||||
|
}
|
||||||
#endif /* NO_CLIENT_CACHE */
|
#endif /* NO_CLIENT_CACHE */
|
||||||
|
|
||||||
#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
|
#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
|
||||||
|
|||||||
Reference in New Issue
Block a user