Pad session ID with 0s if session ticket length is less than ID_LEN.

Prevents underflow in SetTicket.
Thanks to Arjuna Arya for discovering and reporting this.
This commit is contained in:
Kareem
2026-02-23 15:26:54 -07:00
parent a08efc9b0a
commit 0463e37716
+6 -2
View File
@@ -34824,6 +34824,8 @@ exit_scv:
#ifdef HAVE_SESSION_TICKET
int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
{
word32 sessIdLen = (length >= ID_LEN) ? ID_LEN : length;
if (!HaveUniqueSessionObj(ssl))
return MEMORY_ERROR;
@@ -34856,15 +34858,17 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
ssl->options.haveSessionId = 1;
#ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) {
XMEMSET(ssl->session->sessionID, 0, ID_LEN);
XMEMCPY(ssl->session->sessionID,
ssl->session->ticket + length - ID_LEN, ID_LEN);
ssl->session->ticket + length - sessIdLen, sessIdLen);
ssl->session->sessionIDSz = ID_LEN;
}
else
#endif
{
XMEMSET(ssl->arrays->sessionID, 0, ID_LEN);
XMEMCPY(ssl->arrays->sessionID,
ssl->session->ticket + length - ID_LEN, ID_LEN);
ssl->session->ticket + length - sessIdLen, sessIdLen);
ssl->arrays->sessionIDSz = ID_LEN;
}
}