Fix the client PSK callback to always null terminate after callback. Remove the +1 on the test.h examples for PSK callbacks.

2025-08-03 20:54:41 +02:00 · 2017-05-01 12:10:05 -07:00
parent fb90a4e498
commit f19cf4cb34
2 changed files with 5 additions and 4 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -16777,6 +16777,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                        ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
                        ERROR_OUT(PSK_KEY_ERROR, exit_scke);
                    }
+                    ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
                    args->encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
                    if (args->encSz > MAX_PSK_ID_LEN) {
                        ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
@@ -16813,6 +16814,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                                     ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
                        ERROR_OUT(PSK_KEY_ERROR, exit_scke);
                    }
+                    ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
                    esSz = (word32)XSTRLEN(ssl->arrays->client_identity);

                    if (esSz > MAX_PSK_ID_LEN) {
@@ -16870,7 +16872,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                                     ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
                        ERROR_OUT(PSK_KEY_ERROR, exit_scke);
                    }
-
+                    ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
                    esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
                    if (esSz > MAX_PSK_ID_LEN) {
                        ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1019,9 +1019,8 @@ static INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
    (void)hint;
    (void)key_max_len;

-    /* id_max_len allows + 1 for null termination */
    /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
-    strncpy(identity, kIdentityStr, id_max_len + 1);
+    strncpy(identity, kIdentityStr, id_max_len);

    /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using
       unsigned binary */
@@ -1041,7 +1040,7 @@ static INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity,
    (void)key_max_len;

    /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
-    if (strncmp(identity, kIdentityStr, strlen(kIdentityStr) + 1) != 0)
+    if (strncmp(identity, kIdentityStr, strlen(kIdentityStr)) != 0)
        return 0;

    /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using