dtls: cookie is stored dynamically when needed rather than in pre-allocated size
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 8 Nov 2017 10:39:53 +0000 (11:39 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 19 Feb 2018 14:29:35 +0000 (15:29 +0100)
That reduces the number of bytes used in cases where DTLS is not in use or
we are on the server side.

Relates #281

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
lib/gnutls_int.h
lib/handshake.c
lib/state.c

index 605d3a3fb2b75cc23d537d4f44b26384945ddcbf..05c8371d2b1a495dc516c1035877759ae408b7f3 100644 (file)
@@ -857,8 +857,7 @@ typedef struct gnutls_dh_params_int {
  */
 typedef struct {
        /* HelloVerifyRequest DOS prevention cookie */
-       uint8_t cookie[DTLS_MAX_COOKIE_SIZE];
-       uint8_t cookie_len;
+       gnutls_datum_t dcookie;
 
        /* For DTLS handshake fragmentation and reassembly. */
        uint16_t hsk_write_seq;
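Review bot: The new `dcookie` field owns heap memory, but the comment above it still reads as if it described the old inline buffer, so the struct no longer tells a reader who releases the cookie. Suggest `/* HelloVerifyRequest DOS prevention cookie (client side). Heap-allocated; released once copied into the ClientHello and in gnutls_deinit(). */`. The removed `uint8_t cookie_len` also encoded the 8-bit length bound that the ClientHello encoder relies on when it writes the cookie with an 8-bit length prefix; since `gnutls_datum_t.size` is wider, the same comment should state that the size must stay below 256.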
index 3746296d44dc72defa54ae2c0dde4f70ab4aa890..79713b65e119274166583ea93d367039495e0ed9 100644 (file)
@@ -1897,12 +1897,14 @@ static int send_client_hello(gnutls_session_t session, int again)
                /* Copy the DTLS cookie
                 */
                if (IS_DTLS(session)) {
-                       ret = _gnutls_buffer_append_data_prefix(&extdata, 8, session->internals.dtls.cookie,
-                               session->internals.dtls.cookie_len);
+                       ret = _gnutls_buffer_append_data_prefix(&extdata, 8,
+                                                               session->internals.dtls.dcookie.data,
+                                                               session->internals.dtls.dcookie.size);
                        if (ret < 0) {
                                gnutls_assert();
                                goto cleanup;
                        }
+                       _gnutls_free_datum(&session->internals.dtls.dcookie);
                }
 
                /* Copy the ciphersuites.
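Review bot: The cookie is now released right after being copied into the hello (the `_gnutls_free_datum` call following the error check), which makes it single-use, yet the comment at the top of the block still only says `Copy the DTLS cookie`. Suggest `/* Copy the DTLS cookie into the hello; it is single-use and released here, a fresh one is stored by recv_hello_verify_request() */`. This presumably assumes that DTLS retransmission replays the already-serialized message rather than rebuilding it; if a rebuild path exists, the resent hello would lack the cookie. send_client_hello starts and ends outside the hunk.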
@@ -2090,6 +2092,7 @@ recv_hello_verify_request(gnutls_session_t session,
        size_t pos = 0;
        uint8_t cookie_len;
        unsigned int nb_verifs;
+       int ret;
 
        if (!IS_DTLS(session)
            || session->security_parameters.entity == GNUTLS_SERVER) {
@@ -2120,8 +2123,10 @@ recv_hello_verify_request(gnutls_session_t session,
 
        DECR_LEN(len, cookie_len);
 
-       session->internals.dtls.cookie_len = cookie_len;
-       memcpy(session->internals.dtls.cookie, &data[pos], cookie_len);
+       gnutls_free(session->internals.dtls.dcookie.data);
+       ret = _gnutls_set_datum(&session->internals.dtls.dcookie, &data[pos], cookie_len);
+       if (ret < 0)
+               return gnutls_assert_val(ret);
 
        if (len != 0) {
                gnutls_assert();
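Review bot: `gnutls_free(session->internals.dtls.dcookie.data)` releases the previous cookie but leaves `dcookie.data` and `dcookie.size` referring to freed memory until `_gnutls_set_datum` overwrites them; if that call fails on the next line and does not itself reset the datum, the function returns with a stale pointer that `gnutls_deinit` would free a second time. Using the helper the rest of the commit already uses, `_gnutls_free_datum(&session->internals.dtls.dcookie);`, in place of the bare `gnutls_free` clears both fields and removes the dependency on `_gnutls_set_datum`'s failure behaviour. recv_hello_verify_request starts outside this hunk (the `int ret;` declaration is added in the hunk above) and ends outside it.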
index ca53db23a6f1b2bc01c3ac7575c5474b12536b44..1aeddc01ac16519e6e48ed1d4e22b8304adce338 100644 (file)
@@ -418,6 +418,7 @@ void gnutls_deinit(gnutls_session_t session)
        _mbuffer_head_clear(&session->internals.record_send_buffer);
 
        _gnutls_free_datum(&session->internals.resumption_data);
+       _gnutls_free_datum(&session->internals.dtls.dcookie);
 
        gnutls_free(session->internals.rexts);