diff --git a/src/internal.c b/src/internal.c
index 2034f107d87..74b374d91e1 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -34817,6 +34817,8 @@ int SendCertificateVerify(WOLFSSL* ssl)
 #ifdef HAVE_SESSION_TICKET
 int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
 {
+ word32 sessIdLen = ID_LEN;
+
 if (!HaveUniqueSessionObj(ssl))
 return MEMORY_ERROR;
@@ -34838,10 +34840,13 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
 ssl->session->ticketLen = (word16)length;
 if (length > 0) {
+ if (length < ID_LEN)
+ sessIdLen = length;
 XMEMCPY(ssl->session->ticket, ticket, length);
 if (ssl->session_ticket_cb != NULL) {
 ssl->session_ticket_cb(ssl,
- ssl->session->ticket, ssl->session->ticketLen,
+ ssl->session->ticket,
+ ssl->session->ticketLen,
 ssl->session_ticket_ctx);
 }
 /* Create a fake sessionID based on the ticket, this will
@@ -34849,15 +34854,19 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
 ssl->options.haveSessionId = 1;
 #ifdef WOLFSSL_TLS13
 if (ssl->options.tls1_3) {
+ XMEMSET(ssl->session->sessionID, 0, ID_LEN);
 XMEMCPY(ssl->session->sessionID,
- ssl->session->ticket + length - ID_LEN, ID_LEN);
+ ssl->session->ticket + length - sessIdLen,
+ sessIdLen);
 ssl->session->sessionIDSz = ID_LEN;
 }
 else
 #endif
 {
+ XMEMSET(ssl->arrays->sessionID, 0, ID_LEN);
 XMEMCPY(ssl->arrays->sessionID,
- ssl->session->ticket + length - ID_LEN, ID_LEN);
+ ssl->session->ticket + length - sessIdLen,
+ sessIdLen);
 ssl->arrays->sessionIDSz = ID_LEN;
 }
 }
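Review bot: The clamp `if (length < ID_LEN) sessIdLen = length;` at the top of the `length > 0` block in the second hunk carries no comment, and its purpose only shows in the next hunk, where `sessIdLen` replaces `ID_LEN` in the session-ID copy. I would put `/* ticket shorter than ID_LEN: copy only the bytes it has, so the source pointer cannot point before the start of the ticket */` above it and brace the one-line body. The re-wrapped callback arguments in the same hunk are a whitespace-only change unrelated to the fix and would be cleaner in a separate commit. SetTicket begins and ends outside this hunk.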
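Review bot: In the third hunk a ticket shorter than ID_LEN now produces a session ID made of the ticket bytes followed by zero padding, while `sessionIDSz` is still reported as `ID_LEN` in both branches. Such IDs vary very little, and two tickets that differ only in trailing zero bytes map to the same ID. The existing comment is cut off at the hunk edge, so how the fake ID is consumed is not visible here; if it is ever compared or used as a lookup key, this should be stated next to the copy, for example `/* short tickets give a zero-padded ID; do not rely on it being unique */`, or tickets below a minimum length should be rejected before this point. The TLS 1.3 and non-TLS 1.3 branches also repeat the same XMEMSET/XMEMCPY pair and differ only in the destination, so computing `ssl->session->ticket + length - sessIdLen` once before the branch would keep the two copies from drifting apart.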