Fix for TlsSessionCacheGetAndLock that was not checking the session…
…IDSz, so could return a pointer to an invalid session (if 0's). Resolves issue with `test_wolfSSL_CTX_sess_set_remove_cb` test.
dgarske committed Nov 20, 2024
1 parent 34f27a9 commit 3eab871
Showing 3 changed files with 4 additions and 14 deletions.
1 change: 0 additions & 1 deletion src/ssl.c
Expand Up @@ -24027,7 +24027,6 @@ void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx)
{
WOLFSSL_ENTER("wolfSSL_CRYPTO_get_ex_data");
#ifdef MAX_EX_DATA
return ex_data->ex_data[idx];
if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
return ex_data->ex_data[idx];
}
4 changes: 3 additions & 1 deletion src/ssl_sess.c
Expand Up @@ -1120,7 +1120,9 @@ static int TlsSessionCacheGetAndLock(const byte *id,
#else
s = &sessRow->Sessions[idx];
#endif
if (s && XMEMCMP(s->sessionID, id, ID_LEN) == 0 && s->side == side) {
/* match session ID value and length */
if (s && s->sessionIDSz == ID_LEN && s->side == side &&
XMEMCMP(s->sessionID, id, ID_LEN) == 0) {
*sess = s;
break;
}
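Review bot: The comment added above the condition, `/* match session ID value and length */`, restates the code but leaves out why the length test matters: going by the commit message, a cache entry whose ID bytes are all zero could otherwise be handed back as a hit. I would word it as `/* require a full-length stored ID so an unused (zeroed) entry never matches, even for an all-zero id */`. The comparison still reads ID_LEN bytes from the caller's `id` with no length argument in view; TlsSessionCacheGetAndLock's parameter list and the surrounding loop start outside this hunk, so that contract should be confirmed at the call sites. A regression test that looks up an all-zero ID in an empty cache would pin the fix directly.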
13 changes: 1 addition & 12 deletions tests/api.c
Expand Up @@ -71143,16 +71143,13 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
!defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
!defined(NO_SESSION_CACHE) && defined(OPENSSL_EXTRA) && \
!defined(WOLFSSL_NO_TLS12)

WOLFSSL_CTX* ctx = NULL;
callback_functions server_cbf, client_cbf;

XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));

/* force server side to use TLS 1.2 */
ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
server_cbf.ctx = ctx;
server_cbf.method = wolfTLSv1_2_server_method;

client_cbf.method = wolfSSLv23_client_method;
server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
Expand All @@ -71163,9 +71160,6 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);

/* set the previously created session and wait till expired */
server_cbf.ctx = ctx;

client_cbf.method = wolfSSLv23_client_method;
server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_wait;
Expand All @@ -71176,9 +71170,6 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS);
ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);

/* set the previously created expired session */
server_cbf.ctx = ctx;

client_cbf.method = wolfSSLv23_client_method;
server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready;
client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_set;
Expand All @@ -71190,8 +71181,6 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS);

wolfSSL_SESSION_free(test_wolfSSL_SESSION_expire_sess);
wolfSSL_CTX_free(ctx);

#endif
return EXPECT_RESULT();
}
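Review bot: The three handshake phases in test_wolfSSL_SESSION_expire_downgrade seem to lose their labels here: the comments `/* set the previously created session and wait till expired */` and `/* set the previously created expired session */` look to be among the 12 deleted lines, together with the `server_cbf.ctx = ctx;` assignments they sat above (the +/- markers are lost on this page, so this is inferred from the counts). Those comments appear to describe the client-side session steps rather than the ctx, so I would keep a one-line label per phase, e.g. `/* second connect: resume the saved session, wait until it expires */`. The commit message names `test_wolfSSL_CTX_sess_set_remove_cb` rather than this test, so the description should also say why the shared server ctx is replaced by `server_cbf.method = wolfTLSv1_2_server_method;`. The function begins outside the first hunk.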
