[gnutls-dev] [PATCH] gnutls_session_get_id overflow handling

Joe Orton joe at manyfish.co.uk
Tue Nov 29 20:31:25 CET 2005


Errr, sorry, I was completely confused and talking about the wrong 
function having been separately trying to track down why my _get_data 
usage was wrong with 1.3.0.  I meant gnutls_session_get_id.

In 1.3.0, gnutls_session_get_id() will silently overflow the passed-in 
buffer if it's too short.  This is even more surprising behaviour!

How does this look: (compiled and even tested)

* lib/gnutls_session.c (gnutls_session_get_id): If a non-NULL buffer
is given, fail if the given size is too short rather than silently
overflowing the buffer.

--- ./gnutls_session.c.sessid	2005-11-15 15:53:09.000000000 +0000
+++ ./gnutls_session.c	2005-11-29 19:23:29.000000000 +0000
@@ -126,13 +126,20 @@
 		       void *session_id, size_t * session_id_size)
 {
 
-  *session_id_size = session->security_parameters.session_id_size;
-
   /* just return the session size */
   if (session_id == NULL)
     {
+      *session_id_size = session->security_parameters.session_id_size;
       return 0;
     }
+
+  if (*session_id_size < session->security_parameters.session_id_size)
+    {
+      return GNUTLS_E_SHORT_MEMORY_BUFFER;
+    }
+
+  *session_id_size = session->security_parameters.session_id_size;
+
   memcpy (session_id, &session->security_parameters.session_id,
 	  *session_id_size);
 
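Review bot: on the short-buffer path, `*session_id_size` is left untouched before `return GNUTLS_E_SHORT_MEMORY_BUFFER;`, so a caller that passed too small a buffer has no way to learn the required length and retry. The usual convention for this error is to store the needed size first, i.e. move the `*session_id_size = session->security_parameters.session_id_size;` assignment above the `if (*session_id_size < ...)` check so it runs on both the success and the error path; the `session_id == NULL` branch could then drop its own copy of that assignment.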