feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Peer review fixes. Check idSz and add comment about session variable use.

Browse Source
This commit is contained in:
David Garske
2022-02-25 10:58:19 -08:00
parent a39a1c1d87
commit 821fd3c898
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/internal.c
View File

@@ -30626,6 +30626,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
id = ssl->session->altSessionID; id = ssl->session->altSessionID;
idSz = ID_LEN; idSz = ID_LEN;
} }
/* make sure idSz is not larger than ID_LEN */
if (idSz > ID_LEN)
idSz = ID_LEN;
XMEMCPY(it.id, id, idSz); XMEMCPY(it.id, id, idSz);
} }
#endif #endif

3
src/ssl.c
View File

@@ -15769,6 +15769,9 @@ int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
sessRow = NULL; sessRow = NULL;
} }
/* Note: the `session` variable cannot be used below, since the row is
* un-locked */
if (ret != WOLFSSL_SUCCESS) if (ret != WOLFSSL_SUCCESS)
return ret; return ret;