Fix Secure Session serialization format #658

Merged: 2 commits, Jun 16, 2020

Commits on Jun 16, 2020

  1. Fix Secure Session serialization format

    secure_session_save() saves short serialized Secure Session state.
    
    That is, it writes "is_client" as 4-byte value while its size in
    SESSION_CTX_SERIZALIZED_SIZE is computed as sizeof(bool) which is 1 byte
    on most platforms. This causes the 3 least significant bytes of "in_seq"
    to be missing from the serialized data.
    
    Correct size of Secure Session state is 60 bytes, we report only 57.
    
    This issue is not detected by unit tests of JavaThemis -- the only
    high-level wrapper supporting this interface -- which works only because
    the allocated memory for the output array is slightly bigger than
    requested 57 bytes, extra 3 bytes written past-the-end remain there
    in RAM and the unit test generally works, if the data stays where it is.
    However, sometimes garbage collection occurs at the right moment and the
    issue manifests itself as a failing Secure Session test.
    
    Now the output size is reported correctly and all Secure Session data is
    written within the allocated bounds.
    ilammy committed Jun 16, 2020
    878062e
  2. Fix typo in constant name

    While we're here and touching this code anyway, let's correct the name
    of the constant too.
    ilammy committed Jun 16, 2020
    2b27caa
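
The size mismatch described in the first commit, as an added example that is not Themis code: a bounds-checked writer turns the short buffer into a deterministic error instead of a write past the end. The layout, the struct and every name here are hypothetical, chosen only so the totals match the 60 and 57 bytes in the commit message (57 assumes `sizeof(bool)` is 1).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout (not Themis's real one): 48 opaque bytes, then
 * is_client, out_seq and in_seq, each written as a 4-byte big-endian value. */
#define OPAQUE_LEN 48
#define SIZE_BUGGY (OPAQUE_LEN + sizeof(bool) + 4 + 4) /* in-memory width */
#define SIZE_FIXED (OPAQUE_LEN + 4 + 4 + 4)            /* width on the wire */

struct session { uint8_t opaque[OPAQUE_LEN]; bool is_client; uint32_t out_seq, in_seq; };
struct writer { uint8_t *buf; size_t cap, pos; bool truncated; };

/* Copy n bytes if they fit; otherwise copy what fits and flag truncation. */
static void put_bytes(struct writer *w, const uint8_t *src, size_t n)
{
    size_t room = w->cap - w->pos; /* pos never exceeds cap */
    if (n > room) { w->truncated = true; n = room; }
    memcpy(w->buf + w->pos, src, n);
    w->pos += n;
}

static void put_u32_be(struct writer *w, uint32_t v)
{
    uint8_t b[4] = { (uint8_t)(v >> 24), (uint8_t)(v >> 16), (uint8_t)(v >> 8), (uint8_t)v };
    put_bytes(w, b, sizeof b);
}

/* Returns bytes written, or -1 when cap was too small for the full state. */
static long session_save(const struct session *s, uint8_t *out, size_t cap)
{
    struct writer w = { out, cap, 0, false };
    put_bytes(&w, s->opaque, OPAQUE_LEN);
    put_u32_be(&w, s->is_client ? 1u : 0u);
    put_u32_be(&w, s->out_seq);
    put_u32_be(&w, s->in_seq);
    return w.truncated ? -1 : (long)w.pos;
}

/* Constructed sample: 60-byte arena pre-filled with 0xAA, writer limited to cap. */
static long demo_save(size_t cap, uint8_t arena[SIZE_FIXED])
{
    struct session s = { {0}, true, 7, 0x11223344u };
    memset(arena, 0xAA, SIZE_FIXED);
    return session_save(&s, arena, cap);
}

int main(void) { uint8_t a[SIZE_FIXED]; return demo_save(SIZE_FIXED, a) == (long)SIZE_FIXED ? 0 : 1; }
```

With the capacity set to `SIZE_BUGGY`, only the most significant byte of `in_seq` lands in the buffer and the call fails, which is the loss the commit message describes.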