diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-06-06 13:03:35 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-06-06 13:03:35 +0000 |
commit | d5a55ab81f9b2eef5d1936552fd3dd880aa7ab0d (patch) | |
tree | 93ced71764fa9d8f7acdc8a992f9ea5358f0c1b0 | |
parent | 49ab842741b63b11d1d43de65ead70bc911cce63 (diff) | |
parent | 6a57b13a2c90fe963053d2dfc5b4cdb6ea66d8af (diff) | |
download | gnutls-d5a55ab81f9b2eef5d1936552fd3dd880aa7ab0d.tar.gz |
Merge branch 'fix-overflow' into 'master'
Fix variable overflow in TLS1.3 session ticket code
Closes #471
See merge request gnutls/gnutls!656
-rw-r--r-- | lib/tls13/session_ticket.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c index 8515b9cb19..dfe4992669 100644 --- a/lib/tls13/session_ticket.c +++ b/lib/tls13/session_ticket.c @@ -312,6 +312,7 @@ int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *bu uint8_t value; tls13_ticket_t *ticket = &session->internals.tls13_ticket; gnutls_datum_t t; + size_t val; if (unlikely(buf == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); @@ -322,14 +323,16 @@ int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *bu _gnutls_handshake_log("HSK[%p]: parsing session ticket message\n", session); /* ticket_lifetime */ - ret = _gnutls_buffer_pop_prefix32(buf, (size_t *) &ticket->lifetime, 0); + ret = _gnutls_buffer_pop_prefix32(buf, &val, 0); if (ret < 0) return gnutls_assert_val(ret); + ticket->lifetime = val; /* ticket_age_add */ - ret = _gnutls_buffer_pop_prefix32(buf, (size_t *) &ticket->age_add, 0); + ret = _gnutls_buffer_pop_prefix32(buf, &val, 0); if (ret < 0) return gnutls_assert_val(ret); + ticket->age_add = val; /* ticket_nonce */ ret = _gnutls_buffer_pop_prefix8(buf, &value, 0); |