Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 8937:ec1fa010c3a5
SSL: explicit session id length checking.
Session ids are not expected to be longer than 32 bytes, but this is
theoretically possible with TLSv1.3, where session ids are essentially
arbitrary and sent as session tickets. Since on 64-bit platforms we
use fixed 32-byte buffer for session ids, added an explicit length check
to make sure the buffer is large enough.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 12 Oct 2022 20:14:39 +0300 |
parents | fa4b4f38da4a |
children | 5244d3b165ff |
comparison
equal
deleted
inserted
replaced
8936:fa4b4f38da4a | 8937:ec1fa010c3a5 |
---|---|
3846 } | 3846 } |
3847 | 3847 |
3848 p = buf; | 3848 p = buf; |
3849 i2d_SSL_SESSION(sess, &p); | 3849 i2d_SSL_SESSION(sess, &p); |
3850 | 3850 |
3851 session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length); | |
3852 | |
3853 /* do not cache sessions with too long session id */ | |
3854 | |
3855 if (session_id_length > 32) { | |
3856 return 0; | |
3857 } | |
3858 | |
3851 c = ngx_ssl_get_connection(ssl_conn); | 3859 c = ngx_ssl_get_connection(ssl_conn); |
3852 | 3860 |
3853 ssl_ctx = c->ssl->session_ctx; | 3861 ssl_ctx = c->ssl->session_ctx; |
3854 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index); | 3862 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index); |
3855 | 3863 |
3889 | 3897 |
3890 if (sess_id == NULL) { | 3898 if (sess_id == NULL) { |
3891 goto failed; | 3899 goto failed; |
3892 } | 3900 } |
3893 } | 3901 } |
3894 | |
3895 session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length); | |
3896 | 3902 |
3897 #if (NGX_PTR_SIZE == 8) | 3903 #if (NGX_PTR_SIZE == 8) |
3898 | 3904 |
3899 id = sess_id->sess_id; | 3905 id = sess_id->sess_id; |
3900 | 3906 |