[gnutls-devel] GnuTLS | Increase the limit of TLS PSK usernames (!1581)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Jun 7 11:32:32 CEST 2022




Hannes Reinecke commented on a discussion on lib/handshake-checks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581#note_973684567

>  		if (username == NULL)
>  			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
>  
> -		if (session->internals.saved_username_size != -1) {
> -			if (session->internals.saved_username_size == username_length &&
> -			    strncmp(session->internals.saved_username, username, username_length) != 0) {
> +		if (session->internals.saved_username) {
> +			int saved_username_length = strlen(session->internals.saved_username);

Problem is that we need to check both, as either the pointer could be NULL, or the length could be '0'.
And one probably would need to do an audit to check if both are always in sync.
(Or add an 'assert' here :-)

Nit: there is one place in
~~~
lib/state.c:(*session)->internals.saved_username_size = -1;
~~~
is there a convention what the length of an unallocated pointer should be? -1 or 0?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1581#note_973684567
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220607/c45c58d1/attachment-0001.html>


More information about the Gnutls-devel mailing list