From: Joshua Rogers Date: Wed, 18 Mar 2026 16:08:03 +0000 (+0100) Subject: handshake-checks: fix username comparison during rehandshake X-Git-Tag: 3.8.13^2~29 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=35dbb0e4ebcc07acecfd060ffc6ca076cf397920;p=thirdparty%2Fgnutls.git handshake-checks: fix username comparison during rehandshake This is definitely a security issue subverting the GNUTLS_ALLOW_ID_CHANGE protection, but its real-life exploitability is under question. Reported-by: Joshua Rogers of AISLE Research Team Fixes: #1808 Signed-off-by: Joshua Rogers --- diff --git a/lib/handshake-checks.c b/lib/handshake-checks.c index 5231046e84..ad92932d7b 100644 --- a/lib/handshake-checks.c +++ b/lib/handshake-checks.c @@ -80,10 +80,10 @@ int _gnutls_check_id_for_change(gnutls_session_t session) if (session->internals.saved_username && session->internals.saved_username_size != -1) { - if (session->internals.saved_username_size == - username_length && - strncmp(session->internals.saved_username, username, - username_length)) { + if (session->internals.saved_username_size != + username_length || + memcmp(session->internals.saved_username, username, + username_length)) { _gnutls_debug_log( "Session's PSK username changed during rehandshake; aborting!\n"); return gnutls_assert_val(
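Review bot: The rewritten condition in `_gnutls_check_id_for_change` (`saved_username_size != username_length || memcmp(...)`) comes with no regression test in this patch, and the commit message does not say what was wrong with the old check. From the removed lines, a change was only reported when the two lengths were equal, so a username of a different length passed, and `strncmp` stops at the first NUL byte, so two equal-length usernames that differ only after an embedded NUL compared as equal. I would add a test that rehandshakes with the ID-change protection active using (a) a PSK username of a different length and (b) one of the same length that differs only after a NUL byte, and name those two cases in the commit message. A one-line comment that the length test must stay first would also help, since the `||` short-circuit is what keeps `memcmp` from being called with a `username_length` that does not match the saved buffer. Separately, `saved_username_size` is compared against -1 in the guard just above, so it is signed; please confirm that comparing it with `username_length` does not mix signedness.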