Peer review fixes. Check idSz and add comment about session variable use.

2022-02-25 10:58:19 -08:00 · 2022-02-25 10:58:19 -08:00 · 821fd3c898
commit 821fd3c898
parent a39a1c1d87
2 changed files with 6 additions and 0 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -30626,6 +30626,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                id = ssl->session->altSessionID;
                idSz = ID_LEN;
            }
+            /* make sure idSz is not larger than ID_LEN */
+            if (idSz > ID_LEN)
+                idSz = ID_LEN;
            XMEMCPY(it.id, id, idSz);
        }
 #endif
--- a/src/ssl.c
+++ b/src/ssl.c
@ -15769,6 +15769,9 @@ int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
        sessRow = NULL;
    }

+    /* Note: the `session` variable cannot be used below, since the row is
+     * un-locked */
+
    if (ret != WOLFSSL_SUCCESS)
        return ret;