mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 01:54:17 +01:00
Increase robustness and documentation of ticket implementation
This commit is contained in:
parent
aee8717877
commit
0329f75a93
@ -204,6 +204,9 @@ static int ssl_save_session( const mbedtls_ssl_session *session,
|
|||||||
if( left < sizeof( mbedtls_ssl_session ) )
|
if( left < sizeof( mbedtls_ssl_session ) )
|
||||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||||
|
|
||||||
|
/* This also copies the values of pointer fields in the
|
||||||
|
* session to be serialized, but they'll be ignored when
|
||||||
|
* loading the session through ssl_load_session(). */
|
||||||
memcpy( p, session, sizeof( mbedtls_ssl_session ) );
|
memcpy( p, session, sizeof( mbedtls_ssl_session ) );
|
||||||
p += sizeof( mbedtls_ssl_session );
|
p += sizeof( mbedtls_ssl_session );
|
||||||
left -= sizeof( mbedtls_ssl_session );
|
left -= sizeof( mbedtls_ssl_session );
|
||||||
@ -250,18 +253,24 @@ static int ssl_load_session( mbedtls_ssl_session *session,
|
|||||||
memcpy( session, p, sizeof( mbedtls_ssl_session ) );
|
memcpy( session, p, sizeof( mbedtls_ssl_session ) );
|
||||||
p += sizeof( mbedtls_ssl_session );
|
p += sizeof( mbedtls_ssl_session );
|
||||||
|
|
||||||
|
/* Non-NULL pointer fields of `session` are meaningless
|
||||||
|
* and potentially harmful. Zeroize them for safety. */
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
session->peer_cert = NULL;
|
||||||
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
|
||||||
|
session->ticket = NULL;
|
||||||
|
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
/* Deserialize CRT from the end of the ticket. */
|
||||||
if( 3 > (size_t)( end - p ) )
|
if( 3 > (size_t)( end - p ) )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
|
||||||
cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
|
cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
|
||||||
p += 3;
|
p += 3;
|
||||||
|
|
||||||
if( cert_len == 0 )
|
if( cert_len != 0 )
|
||||||
{
|
|
||||||
session->peer_cert = NULL;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user