Add size checks to sessionID
julek-wolfssl committed Dec 4, 2024
1 parent f7a55c6 commit 8ff79dc
Showing 3 changed files with 14 additions and 9 deletions.
6 changes: 4 additions & 2 deletions src/internal.c
Expand Up @@ -30288,8 +30288,10 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
#endif

ret = ret ||
(ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
ssl->session->sessionID, ID_LEN) == 0);
(ssl->options.haveSessionId && ssl->arrays->sessionIDSz == ID_LEN
&& ssl->session->sessionIDSz == ID_LEN
&& XMEMCMP(ssl->arrays->sessionID,
ssl->session->sessionID, ID_LEN) == 0);

return ret;
}
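Review bot: Both new length checks in this hunk compare against the constant ID_LEN rather than against each other, so a peer session ID that is well-formed but shorter than ID_LEN (the TLS session_id field allows 0..32 bytes) can no longer satisfy the resumption test; the same pattern is repeated in the src/sniffer.c hunk in ProcessServerHello. If this code path only ever tracks full-length IDs that is fine, but it is not visible from the hunk, so a one-line comment such as `/* only full-length (ID_LEN) session IDs are resumable here; shorter IDs never match */` would record the intent. Otherwise comparing `ssl->arrays->sessionIDSz == ssl->session->sessionIDSz` (with that size bounded by ID_LEN) and passing that length to XMEMCMP would keep the bounds check while still accepting shorter IDs. The enclosing function starts before this hunk.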
6 changes: 4 additions & 2 deletions src/sniffer.c
Expand Up @@ -3854,8 +3854,10 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
#endif

if (session->sslServer->options.haveSessionId) {
if (XMEMCMP(session->sslServer->arrays->sessionID,
session->sslClient->arrays->sessionID, ID_LEN) == 0) {
if (session->sslServer->arrays->sessionIDSz == ID_LEN &&
session->sslClient->arrays->sessionIDSz == ID_LEN &&
XMEMCMP(session->sslServer->arrays->sessionID,
session->sslClient->arrays->sessionID, ID_LEN) == 0) {
doResume = 1;
}
}
11 changes: 6 additions & 5 deletions src/ssl_sess.c
Expand Up @@ -823,10 +823,8 @@ void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm)
void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm)
{
int i, j;
byte id[ID_LEN];

(void)ctx;
XMEMSET(id, 0, ID_LEN);
WOLFSSL_ENTER("wolfSSL_flush_sessions");
for (i = 0; i < SESSION_ROWS; ++i) {
if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) {
Expand All @@ -843,8 +841,7 @@ void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm)
#ifdef SESSION_CACHE_DYNAMIC_MEM
s != NULL &&
#endif
s->sessionIDSz == ID_LEN &&
XMEMCMP(s->sessionID, id, ID_LEN) != 0 &&
s->sessionIDSz > 0 &&
s->bornOn + s->timeout < (word32)tm
)
{
Expand Down Expand Up @@ -3135,6 +3132,10 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx,
id = session->sessionID;
if (session->haveAltSessionID)
id = session->altSessionID;
else if (session->sessionIDSz != ID_LEN) {
WOLFSSL_MSG("Incorrect sessionIDSz");
return;
}

row = (int)(HashObject(id, ID_LEN, &error) % SESSION_ROWS);
if (error != 0) {
Expand All @@ -3159,7 +3160,7 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx,
#else
cacheSession = &sessRow->Sessions[i];
#endif
if (cacheSession &&
if (cacheSession && cacheSession->sessionIDSz == ID_LEN &&
XMEMCMP(id, cacheSession->sessionID, ID_LEN) == 0
&& session->side == cacheSession->side
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
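Review bot: The new `else if (session->sessionIDSz != ID_LEN)` guard in the third hunk of this file covers only the non-alternate path, so when `session->haveAltSessionID` is set the following `HashObject(id, ID_LEN, &error)` still reads ID_LEN bytes from `session->altSessionID` with no length check; if altSessionID is always a full ID_LEN buffer, a comment on the `if` saying so would make that explicit, otherwise the same size check belongs on that branch too. As a point of style, the `if` body is left unbraced while the new `else if` is braced; writing `if (session->haveAltSessionID) {` / `    id = session->altSessionID;` / `}` keeps the chain uniform. The fourth hunk's added `cacheSession->sessionIDSz == ID_LEN` guard before the XMEMCMP looks consistent with this. The enclosing function starts before this hunk and continues past it.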
