[gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Wed Mar 18 11:12:46 CET 2020
Nikos Mavrogiannopoulos started a new discussion on lib/handshake-checks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/917#note_306933300
> return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
>
> if (session->internals.saved_username_set) {
> - if (strcmp(session->internals.saved_username, username) != 0) {
> + if (username_length == strlen(session->internals.saved_username) &&
> + strncmp(session->internals.saved_username, username, username_length) != 0) {
> _gnutls_debug_log("Session's PSK username changed during rehandshake; aborting!\n");
> return gnutls_assert_val(GNUTLS_E_SESSION_USER_ID_CHANGED);
> }
> } else {
> - size_t len = strlen(username);
> -
> - memcpy(session->internals.saved_username, username, len);
> - session->internals.saved_username[len] = 0;
> + memcpy(session->internals.saved_username, username, username_length);
I did an "enhancement" here to check the username length match before checking with `strncmp`, but I think it is wrong, because we cannot save the username in a null terminated way. We would have to save the username length as well. Maybe we can re-use `saved_username_set` to hold the length (assuming we only allow non-zero usernames). What do you think?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/917#note_306933300
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200318/1f124ef7/attachment-0001.html>
More information about the Gnutls-devel
mailing list