wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 12:44:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

allow bogus client sessoinID of non 32 bytes with session ticket

Browse Source
This commit is contained in:
toddouska
2016-07-13 09:47:49 -06:00
parent b6aefad568
commit 7b76c3ab36
1 changed files with 25 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/internal.c
View File

@@ -15646,10 +15646,14 @@ int DoSessionTicket(WOLFSSL* ssl,
#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_TLS_EXTENSIONS
length += TLSX_GetResponseSize(ssl); length += TLSX_GetResponseSize(ssl);
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
if (ssl->options.useTicket && ssl->arrays->sessionIDSz == 0) { if (ssl->options.useTicket) {
/* no session id */ /* echo session id sz can be 0,32 or bogus len inbetween */
length -= ID_LEN; sessIdSz = ssl->arrays->sessionIDSz;
sessIdSz = 0; if (sessIdSz > ID_LEN) {
WOLFSSL_MSG("Bad bogus session id len");
return BUFFER_ERROR;
}
length -= (ID_LEN - sessIdSz); /* adjust ID_LEN assumption */
} }
#endif /* HAVE_SESSION_TICKET */ #endif /* HAVE_SESSION_TICKET */
#endif #endif
@@ -17307,6 +17311,7 @@ int DoSessionTicket(WOLFSSL* ssl,
word32 helloSz) word32 helloSz)
{ {
byte b; byte b;
byte bogusID = 0; /* flag for a bogus session id */
ProtocolVersion pv; ProtocolVersion pv;
Suites clSuites; Suites clSuites;
word32 i = *inOutIdx; word32 i = *inOutIdx;
@@ -17429,19 +17434,26 @@ int DoSessionTicket(WOLFSSL* ssl,
/* session id */ /* session id */
b = input[i++]; b = input[i++];
if (b == ID_LEN) { #ifdef HAVE_SESSION_TICKET
if ((i - begin) + ID_LEN > helloSz) if (b > 0 && b < ID_LEN) {
bogusID = 1;
WOLFSSL_MSG("Client sent bogus session id, let's allow for echo");
}
#endif
if (b == ID_LEN || bogusID) {
if ((i - begin) + b > helloSz)
return BUFFER_ERROR; return BUFFER_ERROR;
XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN); XMEMCPY(ssl->arrays->sessionID, input + i, b);
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (ssl->options.dtls) { if (ssl->options.dtls) {
int ret = wc_HmacUpdate(&cookieHmac, input + i - 1, ID_LEN + 1); int ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
if (ret != 0) return ret; if (ret != 0) return ret;
} }
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
ssl->arrays->sessionIDSz = ID_LEN; ssl->arrays->sessionIDSz = b;
i += ID_LEN; i += b;
ssl->options.resuming = 1; /* client wants to resume */ ssl->options.resuming = 1; /* client wants to resume */
WOLFSSL_MSG("Client wants to resume session"); WOLFSSL_MSG("Client wants to resume session");
} }
@@ -17656,6 +17668,9 @@ int DoSessionTicket(WOLFSSL* ssl,
#ifdef HAVE_SESSION_TICKET #ifdef HAVE_SESSION_TICKET
if (ssl->options.useTicket == 1) { if (ssl->options.useTicket == 1) {
session = &ssl->session; session = &ssl->session;
} else if (bogusID) {
WOLFSSL_MSG("Bogus session ID without session ticket");
return BUFFER_ERROR;
} }
#endif #endif