Fix session save-load overflow issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
This commit is contained in:
parent
ecd7528c7f
commit
6af2a6da74
1 changed files with 13 additions and 8 deletions
|
@ -297,14 +297,15 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
if( src->hostname != NULL )
|
if( src->endpoint == MBEDTLS_SSL_IS_CLIENT && src->hostname != NULL )
|
||||||
{
|
{
|
||||||
dst->hostname = mbedtls_calloc( 1, src->hostname_len );
|
dst->hostname = mbedtls_calloc( 1, src->hostname_len );
|
||||||
if( dst->hostname == NULL )
|
if( dst->hostname == NULL )
|
||||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
|
|
||||||
memcpy( dst->hostname, src->hostname, src->hostname_len );
|
memcpy( dst->hostname, src->hostname, src->hostname_len );
|
||||||
|
dst->hostname_len = src->hostname_len;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1945,6 +1946,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
|
||||||
/* Serialization of TLS 1.3 sessions:
|
/* Serialization of TLS 1.3 sessions:
|
||||||
*
|
*
|
||||||
* struct {
|
* struct {
|
||||||
|
* opaque hostname<1..2^16-1>;
|
||||||
* uint64 ticket_received;
|
* uint64 ticket_received;
|
||||||
* uint32 ticket_lifetime;
|
* uint32 ticket_lifetime;
|
||||||
* opaque ticket<1..2^16-1>;
|
* opaque ticket<1..2^16-1>;
|
||||||
|
@ -1956,7 +1958,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite(
|
||||||
* uint32 ticket_age_add;
|
* uint32 ticket_age_add;
|
||||||
* uint8 ticket_flags;
|
* uint8 ticket_flags;
|
||||||
* opaque resumption_key<0..255>;
|
* opaque resumption_key<0..255>;
|
||||||
* opaque hostname<1..2^8-1>;
|
*
|
||||||
* select ( endpoint ) {
|
* select ( endpoint ) {
|
||||||
* case client: ClientOnlyData;
|
* case client: ClientOnlyData;
|
||||||
* case server: uint64 start_time;
|
* case server: uint64 start_time;
|
||||||
|
@ -2021,13 +2023,13 @@ static int ssl_tls13_session_save( const mbedtls_ssl_session *session,
|
||||||
memcpy( p, session->resumption_key, session->resumption_key_len );
|
memcpy( p, session->resumption_key, session->resumption_key_len );
|
||||||
p += session->resumption_key_len;
|
p += session->resumption_key_len;
|
||||||
|
|
||||||
p[0] = session->hostname_len;
|
|
||||||
p++;
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C)
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT &&
|
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||||
session->hostname_len > 0 &&
|
|
||||||
session->hostname != NULL )
|
|
||||||
{
|
{
|
||||||
|
p[0] = session->hostname_len;
|
||||||
|
p++;
|
||||||
|
if ( session->hostname_len > 0 &&
|
||||||
|
session->hostname != NULL )
|
||||||
/* save host name */
|
/* save host name */
|
||||||
memcpy( p, session->hostname, session->hostname_len );
|
memcpy( p, session->hostname, session->hostname_len );
|
||||||
p += session->hostname_len;
|
p += session->hostname_len;
|
||||||
|
@ -2096,8 +2098,11 @@ static int ssl_tls13_session_load( mbedtls_ssl_session *session,
|
||||||
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
if( session->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||||
{
|
{
|
||||||
/* load host name */
|
/* load host name */
|
||||||
|
if( end - p < 1 )
|
||||||
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
session->hostname_len = p[0];
|
session->hostname_len = p[0];
|
||||||
p += 1;
|
p += 1;
|
||||||
|
|
||||||
if( end - p < session->hostname_len )
|
if( end - p < session->hostname_len )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
if( session->hostname_len > 0 )
|
if( session->hostname_len > 0 )
|
||||||
|
|
Loading…
Reference in a new issue