Merge pull request #7683 from SparkiDev/def_ticket_cb_inlen

SSL default ticket encryption callback: check in len on decrypt
2025-07-30 18:57:27 +02:00 · 2024-06-28 16:04:58 -06:00
parent 4913289ce5 6d0dc7f2e7
commit 80d4f71eb9
1 changed files with 4 additions and 0 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -38846,6 +38846,10 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],

    WOLFSSL_ENTER("DefTicketEncCb");

+    if ((!enc) && (inLen != sizeof(InternalTicket))) {
+        return BUFFER_E;
+    }
+
    /* Check we have setup the RNG, name and primary key. */
    if (keyCtx->expirary[0] == 0) {
 #ifndef SINGLE_THREADED