mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 20:40:50 +02:00
Fix session cache restore dangling pointer (ZD 21423)
Reinitialize pointer fields in WOLFSSL_SESSION after raw XMEMCPY or XFREAD in wolfSSL_memrestore_session_cache and wolfSSL_restore_session_cache. After restore, ticket is reset to staticTicket, ticketLenAlloc to 0, and peer to NULL.
This commit is contained in:
committed by
JacobBarthelmeh
parent
c563f3932a
commit
985cceaa97
@@ -522,6 +522,22 @@ int wolfSSL_memrestore_session_cache(const void* mem, int sz)
|
||||
#endif
|
||||
|
||||
XMEMCPY(&SessionCache[i], row++, SIZEOF_SESSION_ROW);
|
||||
#ifndef SESSION_CACHE_DYNAMIC_MEM
|
||||
/* Reset pointers to safe values after raw copy */
|
||||
{
|
||||
int j;
|
||||
for (j = 0; j < SESSIONS_PER_ROW; j++) {
|
||||
WOLFSSL_SESSION* s = &SessionCache[i].Sessions[j];
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
s->ticket = s->staticTicket;
|
||||
s->ticketLenAlloc = 0;
|
||||
#endif
|
||||
#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
|
||||
s->peer = NULL;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#ifdef ENABLE_SESSION_CACHE_ROW_LOCK
|
||||
SESSION_ROW_UNLOCK(&SessionCache[i]);
|
||||
#endif
|
||||
@@ -681,6 +697,22 @@ int wolfSSL_restore_session_cache(const char *fname)
|
||||
#endif
|
||||
|
||||
ret = (int)XFREAD(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file);
|
||||
#ifndef SESSION_CACHE_DYNAMIC_MEM
|
||||
/* Reset pointers to safe values after raw copy */
|
||||
{
|
||||
int j;
|
||||
for (j = 0; j < SESSIONS_PER_ROW; j++) {
|
||||
WOLFSSL_SESSION* s = &SessionCache[i].Sessions[j];
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
s->ticket = s->staticTicket;
|
||||
s->ticketLenAlloc = 0;
|
||||
#endif
|
||||
#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
|
||||
s->peer = NULL;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#ifdef ENABLE_SESSION_CACHE_ROW_LOCK
|
||||
SESSION_ROW_UNLOCK(&SessionCache[i]);
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user