Pad session ID with 0s if session ticket length is less than ID_LEN.

kareem-wolfssl · kareem-wolfssl · commit 0463e3771640 · 2026-02-23T16:46:01.000-07:00
Prevents underflow in SetTicket.
Thanks to Arjuna Arya for discovering and reporting this.
diff --git a/src/internal.c b/src/internal.c
@@ -34824,6 +34824,8 @@ int SendCertificateVerify(WOLFSSL* ssl)
 #ifdef HAVE_SESSION_TICKET
 int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
 {
+    word32 sessIdLen = (length >= ID_LEN) ? ID_LEN : length;
+
     if (!HaveUniqueSessionObj(ssl))
         return MEMORY_ERROR;
 
@@ -34856,15 +34858,17 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
         ssl->options.haveSessionId = 1;
 #ifdef WOLFSSL_TLS13
         if (ssl->options.tls1_3) {
+            XMEMSET(ssl->session->sessionID, 0, ID_LEN);
             XMEMCPY(ssl->session->sessionID,
-                                 ssl->session->ticket + length - ID_LEN, ID_LEN);
+                                 ssl->session->ticket + length - sessIdLen, sessIdLen);
             ssl->session->sessionIDSz = ID_LEN;
         }
         else
 #endif
         {
+            XMEMSET(ssl->arrays->sessionID, 0, ID_LEN);
             XMEMCPY(ssl->arrays->sessionID,
-                                 ssl->session->ticket + length - ID_LEN, ID_LEN);
+                                 ssl->session->ticket + length - sessIdLen, sessIdLen);
             ssl->arrays->sessionIDSz = ID_LEN;
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -34824,6 +34824,8 @@ int SendCertificateVerify(WOLFSSL* ssl)`
`34824`	`34824`	`#ifdef HAVE_SESSION_TICKET`
`34825`	`34825`	`int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)`
`34826`	`34826`	`{`
	`34827`	`+ word32 sessIdLen = (length >= ID_LEN) ? ID_LEN : length;`
	`34828`	`+`
`34827`	`34829`	`if (!HaveUniqueSessionObj(ssl))`
`34828`	`34830`	`return MEMORY_ERROR;`
`34829`	`34831`
`@@ -34856,15 +34858,17 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)`
`34856`	`34858`	`ssl->options.haveSessionId = 1;`
`34857`	`34859`	`#ifdef WOLFSSL_TLS13`
`34858`	`34860`	`if (ssl->options.tls1_3) {`
	`34861`	`+ XMEMSET(ssl->session->sessionID, 0, ID_LEN);`
`34859`	`34862`	`XMEMCPY(ssl->session->sessionID,`
`34860`		`- ssl->session->ticket + length - ID_LEN, ID_LEN);`
	`34863`	`+ ssl->session->ticket + length - sessIdLen, sessIdLen);`
`34861`	`34864`	`ssl->session->sessionIDSz = ID_LEN;`
`34862`	`34865`	`}`
`34863`	`34866`	`else`
`34864`	`34867`	`#endif`
`34865`	`34868`	`{`
	`34869`	`+ XMEMSET(ssl->arrays->sessionID, 0, ID_LEN);`
`34866`	`34870`	`XMEMCPY(ssl->arrays->sessionID,`
`34867`		`- ssl->session->ticket + length - ID_LEN, ID_LEN);`
	`34871`	`+ ssl->session->ticket + length - sessIdLen, sessIdLen);`
`34868`	`34872`	`ssl->arrays->sessionIDSz = ID_LEN;`
`34869`	`34873`	`}`
`34870`	`34874`	`}`