diff options
| author | Daiki Ueno <dueno@redhat.com> | 2018-06-01 10:01:08 +0200 |
|---|---|---|
| committer | Daiki Ueno <dueno@redhat.com> | 2018-06-01 10:06:39 +0200 |
| commit | 6b45592c28f5305047c5046afcd11e36aabe7e3a (patch) | |
| tree | 3d188c14b2fb24a883b54b8bdf417b066da73cd0 | |
| parent | 188915ba70038f429c214dd5a57c0b71baeda1d9 (diff) | |
| download | gnutls-6b45592c28f5305047c5046afcd11e36aabe7e3a.tar.gz | |
_gnutls_decrypt_session_ticket: fail early on key name mismatch
If the key name of the ticket doesn't match, we don't need to parse
the entire ticket.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| -rw-r--r-- | lib/ext/session_ticket.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c index 40bbe5b112..11d5db75c4 100644 --- a/lib/ext/session_ticket.c +++ b/lib/ext/session_ticket.c @@ -198,19 +198,17 @@ _gnutls_decrypt_session_ticket(gnutls_session_t session, struct ticket_st ticket; int ret; + /* If the key name of the ticket does not match the one that we + hold, issue a new ticket. */ + if (ticket_data->size < TICKET_KEY_NAME_SIZE || + memcmp(ticket_data->data, &session->key.session_ticket_key[NAME_POS], + TICKET_KEY_NAME_SIZE)) + return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); + ret = unpack_ticket(ticket_data, &ticket); if (ret < 0) return ret; - /* If the key name of the ticket does not match the one that we - hold, issue a new ticket. */ - if (memcmp - (ticket.key_name, &session->key.session_ticket_key[NAME_POS], - TICKET_KEY_NAME_SIZE)) { - ret = GNUTLS_E_DECRYPTION_FAILED; - goto cleanup; - } - /* Check the integrity of ticket */ mac_secret.data = (void *) &session->key.session_ticket_key[MAC_SECRET_POS]; mac_secret.size = TICKET_MAC_SECRET_SIZE; |