Merge pull request #8249 from julek-wolfssl/sessionIDSz-fix

Add size checks to sessionID
2024-12-04 10:06:25 -06:00 · 2024-12-04 10:06:25 -06:00 · 35e50742db
parent f7a55c6e76 8ff79dc26e
commit 35e50742db
3 changed files with 14 additions and 9 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -30288,7 +30288,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
 #endif

        ret = ret ||
-              (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
+              (ssl->options.haveSessionId && ssl->arrays->sessionIDSz == ID_LEN
+                      && ssl->session->sessionIDSz == ID_LEN
+                      && XMEMCMP(ssl->arrays->sessionID,
                              ssl->session->sessionID, ID_LEN) == 0);

        return ret;
--- a/src/sniffer.c
+++ b/src/sniffer.c
@ -3854,7 +3854,9 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
 #endif

    if (session->sslServer->options.haveSessionId) {
-        if (XMEMCMP(session->sslServer->arrays->sessionID,
+        if (session->sslServer->arrays->sessionIDSz == ID_LEN &&
+                session->sslClient->arrays->sessionIDSz == ID_LEN &&
+                XMEMCMP(session->sslServer->arrays->sessionID,
                        session->sslClient->arrays->sessionID, ID_LEN) == 0) {
            doResume = 1;
        }
--- a/src/ssl_sess.c
+++ b/src/ssl_sess.c
@ -823,10 +823,8 @@ void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm)
 void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm)
 {
    int i, j;
-    byte id[ID_LEN];

    (void)ctx;
-    XMEMSET(id, 0, ID_LEN);
    WOLFSSL_ENTER("wolfSSL_flush_sessions");
    for (i = 0; i < SESSION_ROWS; ++i) {
        if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) {
@ -843,8 +841,7 @@ void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm)
 #ifdef SESSION_CACHE_DYNAMIC_MEM
                s != NULL &&
 #endif
-                s->sessionIDSz == ID_LEN &&
-                XMEMCMP(s->sessionID, id, ID_LEN) != 0 &&
+                s->sessionIDSz > 0 &&
                s->bornOn + s->timeout < (word32)tm
                )
            {
@ -3135,6 +3132,10 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx,
    id = session->sessionID;
    if (session->haveAltSessionID)
        id = session->altSessionID;
+    else if (session->sessionIDSz != ID_LEN) {
+        WOLFSSL_MSG("Incorrect sessionIDSz");
+        return;
+    }

    row = (int)(HashObject(id, ID_LEN, &error) % SESSION_ROWS);
    if (error != 0) {
@ -3159,7 +3160,7 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx,
 #else
        cacheSession = &sessRow->Sessions[i];
 #endif
-        if (cacheSession &&
+        if (cacheSession && cacheSession->sessionIDSz == ID_LEN &&
                XMEMCMP(id, cacheSession->sessionID, ID_LEN) == 0
                && session->side == cacheSession->side
        #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)