From dcb88a9cc755967205040f811060ec1efb7fbf42 Mon Sep 17 00:00:00 2001
From: tb
Date: Tue, 7 Jun 2022 17:49:22 +0000
Subject: [PATCH] Use CBS_write_bytes() instead of manual unpacking of a CBS and assigning length and using memcpy(). This also provides a missing overflow check (which is done by the only caller, however). ok jsing
---
 lib/libssl/ssl_sess.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 504c4021055..fcb259f6a29 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.115 2022/06/07 17:45:13 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.116 2022/06/07 17:49:22 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -435,8 +435,10 @@ ssl_session_from_cache(SSL *s, CBS *session_id)
 memset(&data, 0, sizeof(data));
 data.ssl_version = s->version;
- data.session_id_length = CBS_len(session_id);
- memcpy(data.session_id, CBS_data(session_id), CBS_len(session_id));
+
+ if (!CBS_write_bytes(session_id, data.session_id,
+ sizeof(data.session_id), &data.session_id_length))
+ return NULL;
 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
 sess = lh_SSL_SESSION_retrieve(s->session_ctx->internal->sessions, &data);
-- 
2.20.1
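Review bot: In the second hunk, the new `return NULL` on a failed `CBS_write_bytes()` is indistinguishable to the caller from an ordinary cache miss, and nothing at the call site says that this is intended. A one-line comment above the `if` would record it, e.g. `/* An over-long session ID cannot be in the cache; report it as a miss. */`. The commit message notes that the only caller already bounds the length, so the check is defence in depth, but it is now what keeps the copy within `sizeof(data.session_id)` should another caller appear. `CBS_write_bytes()` stores the copied length through a `size_t *`, and the declaration of `session_id_length` is not visible here, so its type should be confirmed to match. The body of `ssl_session_from_cache()` starts and ends outside the hunk.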