From: Stefan Eissing <stefan@eissing.org>
Date: Wed, 17 Dec 2025 10:20:42 +0000 (+0100)
Subject: wolfssl: proof use of wolfSSL_i2d_SSL_SESSION
X-Git-Tag: rc-8_18_0-3~82
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be3c226bb0c4b73879a6dffbb35f60065a48a9a2;p=thirdparty%2Fcurl.git

wolfssl: proof use of wolfSSL_i2d_SSL_SESSION

While wolfSSL_i2d_SSL_SESSION() does not change the passed pointer, like
OpenSSL does, it may one day decide to do so. Pass a copy instead to be
future-proof to such a change in wolfSSL's implementation.

Closes #20008
---

diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 3ebc07ee6f..cf3774b5e8 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -425,7 +425,7 @@ CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
 {
   CURLcode result = CURLE_OK;
   struct Curl_ssl_session *sc_session = NULL;
-  unsigned char *sdata = NULL, *qtp_clone = NULL;
+  unsigned char *sdata = NULL, *sdata_ptr, *qtp_clone = NULL;
   unsigned int sdata_len;
   unsigned int earlydata_max = 0;
 
@@ -438,13 +438,15 @@ CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
     result = CURLE_FAILED_INIT;
     goto out;
   }
-  sdata = curlx_calloc(1, sdata_len);
+  sdata = sdata_ptr = curlx_calloc(1, sdata_len);
   if(!sdata) {
     failf(data, "unable to allocate session buffer of %u bytes", sdata_len);
     result = CURLE_OUT_OF_MEMORY;
     goto out;
   }
-  sdata_len = wolfSSL_i2d_SSL_SESSION(session, &sdata);
+  /* wolfSSL right now does not change the last parameter here, but it
+   * might one day decide to do so for OpenSSL compatibility. */
+  sdata_len = wolfSSL_i2d_SSL_SESSION(session, &sdata_ptr);
   if(sdata_len <= 0) {
     CURL_TRC_CF(data, cf, "fail to serialize session: %u", sdata_len);
     result = CURLE_FAILED_INIT;