mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 03:30:50 +02:00
Pad session ID with 0s if session ticket length is less than ID_LEN.
Prevents underflow in SetTicket. Thanks to Arjuna Arya for discovering and reporting this.
This commit is contained in:
+6
-2
@@ -34824,6 +34824,8 @@ exit_scv:
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
|
||||
{
|
||||
word32 sessIdLen = (length >= ID_LEN) ? ID_LEN : length;
|
||||
|
||||
if (!HaveUniqueSessionObj(ssl))
|
||||
return MEMORY_ERROR;
|
||||
|
||||
@@ -34856,15 +34858,17 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
|
||||
ssl->options.haveSessionId = 1;
|
||||
#ifdef WOLFSSL_TLS13
|
||||
if (ssl->options.tls1_3) {
|
||||
XMEMSET(ssl->session->sessionID, 0, ID_LEN);
|
||||
XMEMCPY(ssl->session->sessionID,
|
||||
ssl->session->ticket + length - ID_LEN, ID_LEN);
|
||||
ssl->session->ticket + length - sessIdLen, sessIdLen);
|
||||
ssl->session->sessionIDSz = ID_LEN;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
XMEMSET(ssl->arrays->sessionID, 0, ID_LEN);
|
||||
XMEMCPY(ssl->arrays->sessionID,
|
||||
ssl->session->ticket + length - ID_LEN, ID_LEN);
|
||||
ssl->session->ticket + length - sessIdLen, sessIdLen);
|
||||
ssl->arrays->sessionIDSz = ID_LEN;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user