Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix buffer-overrun bug in net #17728

Merged
merged 12 commits into from
Apr 16, 2021
2 changes: 2 additions & 0 deletions changelog.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@

## Standard library additions and changes

- Fixed buffer overflow bugs in `net`
shirleyquirk marked this conversation as resolved.
Show resolved Hide resolved

- Added `sections` iterator in `parsecfg`.

- Make custom op in macros.quote work for all statements.
Expand Down
7 changes: 3 additions & 4 deletions lib/pure/net.nim
Original file line number Diff line number Diff line change
Expand Up @@ -690,12 +690,11 @@ when defineSsl:
let ctx = SslContext(context: ssl.SSL_get_SSL_CTX)
let hintString = if hint == nil: "" else: $hint
let (identityString, pskString) = (ctx.clientGetPskFunc)(hintString)
if psk.len.cuint > max_psk_len:
if pskString.len.cuint > max_psk_len:
return 0
if identityString.len.cuint >= max_identity_len:
return 0

copyMem(identity, identityString.cstring, pskString.len + 1) # with the last zero byte
copyMem(identity, identityString.cstring, identityString.len + 1) # with the last zero byte
copyMem(psk, pskString.cstring, pskString.len)

return pskString.len.cuint
Expand All @@ -716,7 +715,7 @@ when defineSsl:
max_psk_len: cint): cuint {.cdecl.} =
let ctx = SslContext(context: ssl.SSL_get_SSL_CTX)
let pskString = (ctx.serverGetPskFunc)($identity)
if psk.len.cint > max_psk_len:
if pskString.len.cint > max_psk_len:
return 0
copyMem(psk, pskString.cstring, pskString.len)

Expand Down