@@ -483,16 +483,42 @@ int wolfSSL_memsave_session_cache(void* mem, int sz)
483483}
484484
485485
486+ #if !defined(SESSION_CACHE_DYNAMIC_MEM ) && \
487+ (defined(HAVE_SESSION_TICKET ) || \
488+ (defined(SESSION_CERTS ) && defined(OPENSSL_EXTRA )))
489+ static void SessionSanityPointerSet (SessionRow * row )
490+ {
491+ int j ;
492+
493+ /* Reset pointers to safe values after raw copy */
494+ for (j = 0 ; j < SESSIONS_PER_ROW ; j ++ ) {
495+ WOLFSSL_SESSION * s = & row -> Sessions [j ];
496+ #ifdef HAVE_SESSION_TICKET
497+ s -> ticket = s -> staticTicket ;
498+ s -> ticketLenAlloc = 0 ;
499+ if (s -> ticketLen > SESSION_TICKET_LEN ) {
500+ s -> ticketLen = SESSION_TICKET_LEN ;
501+ }
502+ #endif
503+ #if defined(WOLFSSL_TLS13 ) && defined(HAVE_SESSION_TICKET ) && \
504+ defined(WOLFSSL_TICKET_NONCE_MALLOC ) && \
505+ (!defined(HAVE_FIPS ) || (defined(FIPS_VERSION_GE ) && FIPS_VERSION_GE (5 ,3 )))
506+ s -> ticketNonce .data = s -> ticketNonce .dataStatic ;
507+ if (s -> ticketNonce .len > MAX_TICKET_NONCE_STATIC_SZ ) {
508+ s -> ticketNonce .len = MAX_TICKET_NONCE_STATIC_SZ ;
509+ }
510+ #endif
511+ #if defined(SESSION_CERTS ) && defined(OPENSSL_EXTRA )
512+ s -> peer = NULL ;
513+ #endif
514+ }
515+ }
516+ #endif
517+
486518/* Restore the persistent session cache from memory */
487519int wolfSSL_memrestore_session_cache (const void * mem , int sz )
488520{
489521 int i ;
490- #ifndef SESSION_CACHE_DYNAMIC_MEM
491- #if defined(HAVE_SESSION_TICKET ) || \
492- (defined(SESSION_CERTS ) && defined(OPENSSL_EXTRA ))
493- int j ;
494- #endif
495- #endif
496522 cache_header_t cache_header ;
497523 SessionRow * row = (SessionRow * )((byte * )mem + sizeof (cache_header ));
498524
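Review bot: SessionSanityPointerSet clamps only `ticketLen` and `ticketNonce.len`, and it has no header comment stating that the row it receives was just raw-copied from a caller-supplied buffer or file and is untrusted until the function returns. If WOLFSSL_SESSION has other length or index fields that bound fixed in-struct arrays (the struct is not visible in this hunk), they need the same clamp here, because both restore paths now rely on this one helper. I would add above the definition: `/* Row was raw-copied from external storage: repoint ticket and ticketNonce.data at their in-struct buffers, clamp the matching lengths, and clear peer. */`. The `ticketNonce` branch was not present in the removed inline loops, so this is a behavior change as well as a refactor and should be described as one.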
@@ -528,24 +554,10 @@ int wolfSSL_memrestore_session_cache(const void* mem, int sz)
528554 #endif
529555
530556 XMEMCPY (& SessionCache [i ], row ++ , SIZEOF_SESSION_ROW );
531- #ifndef SESSION_CACHE_DYNAMIC_MEM
532- #if defined(HAVE_SESSION_TICKET ) || \
533- (defined(SESSION_CERTS ) && defined(OPENSSL_EXTRA ))
534- /* Reset pointers to safe values after raw copy */
535- for (j = 0 ; j < SESSIONS_PER_ROW ; j ++ ) {
536- WOLFSSL_SESSION * s = & SessionCache [i ].Sessions [j ];
537- #ifdef HAVE_SESSION_TICKET
538- s -> ticket = s -> staticTicket ;
539- s -> ticketLenAlloc = 0 ;
540- if (s -> ticketLen > SESSION_TICKET_LEN ) {
541- s -> ticketLen = SESSION_TICKET_LEN ;
542- }
543- #endif
544- #if defined(SESSION_CERTS ) && defined(OPENSSL_EXTRA )
545- s -> peer = NULL ;
546- #endif
547- }
548- #endif
557+ #if !defined(SESSION_CACHE_DYNAMIC_MEM ) && \
558+ (defined(HAVE_SESSION_TICKET ) || \
559+ (defined(SESSION_CERTS ) && defined(OPENSSL_EXTRA )))
560+ SessionSanityPointerSet (& SessionCache [i ]);
549561 #endif
550562 #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
551563 SESSION_ROW_UNLOCK (& SessionCache [i ]);
@@ -706,27 +718,10 @@ int wolfSSL_restore_session_cache(const char *fname)
706718 #endif
707719
708720 ret = (int )XFREAD (& SessionCache [i ], SIZEOF_SESSION_ROW , 1 , file );
709- #ifndef SESSION_CACHE_DYNAMIC_MEM
710- #if defined(HAVE_SESSION_TICKET ) || \
711- (defined(SESSION_CERTS ) && defined(OPENSSL_EXTRA ))
712- /* Reset pointers to safe values after raw copy */
713- {
714- int j ;
715- for (j = 0 ; j < SESSIONS_PER_ROW ; j ++ ) {
716- WOLFSSL_SESSION * s = & SessionCache [i ].Sessions [j ];
717- #ifdef HAVE_SESSION_TICKET
718- s -> ticket = s -> staticTicket ;
719- s -> ticketLenAlloc = 0 ;
720- if (s -> ticketLen > SESSION_TICKET_LEN ) {
721- s -> ticketLen = SESSION_TICKET_LEN ;
722- }
723- #endif
724- #if defined(SESSION_CERTS ) && defined(OPENSSL_EXTRA )
725- s -> peer = NULL ;
726- #endif
727- }
728- }
729- #endif
721+ #if !defined(SESSION_CACHE_DYNAMIC_MEM ) && \
722+ (defined(HAVE_SESSION_TICKET ) || \
723+ (defined(SESSION_CERTS ) && defined(OPENSSL_EXTRA )))
724+ SessionSanityPointerSet (& SessionCache [i ]);
730725 #endif
731726 #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
732727 SESSION_ROW_UNLOCK (& SessionCache [i ]);