TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 0329f75a9315644212b4aac7ba6351f80a188acb^! / .
commit0329f75a9315644212b4aac7ba6351f80a188acb[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Wed Feb 06 15:04:32 2019 +0000
committerHanno Becker <hanno.becker@arm.com>Tue Feb 26 14:38:09 2019 +0000
tree1f23c2950456c8b96b9a58b67f6e73d54e75a1b1
parentaee8717877f38731f15fb056c8046ea884ee24f1 [diff]
Increase robustness and documentation of ticket implementation

diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 7de4e66..2ad5436 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c

@@ -204,6 +204,9 @@
     if( left < sizeof( mbedtls_ssl_session ) )
         return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
 
+    /* This also copies the values of pointer fields in the
+     * session to be serialized, but they'll be ignored when
+     * loading the session through ssl_load_session(). */
     memcpy( p, session, sizeof( mbedtls_ssl_session ) );
     p += sizeof( mbedtls_ssl_session );
     left -= sizeof( mbedtls_ssl_session );
@@ -250,18 +253,24 @@
     memcpy( session, p, sizeof( mbedtls_ssl_session ) );
     p += sizeof( mbedtls_ssl_session );
 
+    /* Non-NULL pointer fields of `session` are meaningless
+     * and potentially harmful. Zeroize them for safety. */
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+    session->peer_cert = NULL;
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+    session->ticket = NULL;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    /* Deserialize CRT from the end of the ticket. */
     if( 3 > (size_t)( end - p ) )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
     cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
     p += 3;
 
-    if( cert_len == 0 )
-    {
-        session->peer_cert = NULL;
-    }
-    else
+    if( cert_len != 0 )
     {
         int ret;