_gnutls_check_id_for_change: ensure that we check the username length

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 4ea815997901464a82268462eed1aab7168de56a..9959c822025f77e622576ecc23cd8dbe650eee13 100644 (file)
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1445,7 +1445,7 @@ typedef struct {
 
        /* The saved username from PSK or SRP auth */
        char saved_username[MAX_USERNAME_SIZE+1];
-       bool saved_username_set;
+       int saved_username_size;
 
        /* Needed for TCP Fast Open (TFO), set by gnutls_transport_set_fastopen() */
        tfo_st tfo;

diff --git a/lib/handshake-checks.c b/lib/handshake-checks.c
index f8079dae366e3c4d4a49ec011f7da5699355058b..b07b9680cb8aea8234aeb258ee7be58d6149b081 100644 (file)
--- a/lib/handshake-checks.c
+++ b/lib/handshake-checks.c
@@ -50,7 +50,7 @@ int _gnutls_check_id_for_change(gnutls_session_t session)
        cred_type = gnutls_auth_get_type(session);
        if (cred_type == GNUTLS_CRD_PSK || cred_type == GNUTLS_CRD_SRP) {
                const char *username = NULL;
-               size_t username_length;
+               int username_length;
 
                if (cred_type == GNUTLS_CRD_PSK) {
                        psk_auth_info_t ai;
@@ -75,15 +75,16 @@ int _gnutls_check_id_for_change(gnutls_session_t session)
                if (username == NULL)
                        return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
-               if (session->internals.saved_username_set) {
-                       if (strncmp(session->internals.saved_username, username, username_length) != 0) {
+               if (session->internals.saved_username_size != -1) {
+                       if (session->internals.saved_username_size == username_length &&
+                           strncmp(session->internals.saved_username, username, username_length) != 0) {
                                _gnutls_debug_log("Session's PSK username changed during rehandshake; aborting!\n");
                                return gnutls_assert_val(GNUTLS_E_SESSION_USER_ID_CHANGED);
                        }
                } else {
                        memcpy(session->internals.saved_username, username, username_length);
                        session->internals.saved_username[username_length] = 0;
-                       session->internals.saved_username_set = 1;
+                       session->internals.saved_username_size = username_length;
                }
        }
 

diff --git a/lib/state.c b/lib/state.c
index d4d525422856ed339fab71ca6b2322e32ae21d35..0e1d155442a627dd9ed2ce9fe24d6434c5440e75 100644 (file)
--- a/lib/state.c
+++ b/lib/state.c
@@ -584,6 +584,8 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
        (*session)->internals.pull_func = system_read;
        (*session)->internals.errno_func = system_errno;
 
+       (*session)->internals.saved_username_size = -1;
+
        /* heartbeat timeouts */
        (*session)->internals.hb_retrans_timeout_ms = 1000;
        (*session)->internals.hb_total_timeout_ms = 60000;