From 0463e3771640ac3e4503f2e67b2a8a145e8d562a Mon Sep 17 00:00:00 2001
From: Kareem <kareem@wolfssl.com>
Date: Mon, 23 Feb 2026 15:26:54 -0700
Subject: [PATCH 1/3] Pad session ID with 0s if session ticket length is less
 than ID_LEN. Prevents underflow in SetTicket. Thanks to Arjuna Arya for
 discovering and reporting this.

---
 src/internal.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index eb59f8133c..3ad961e013 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -34824,6 +34824,8 @@ int SendCertificateVerify(WOLFSSL* ssl)
 #ifdef HAVE_SESSION_TICKET
 int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
 {
+    word32 sessIdLen = (length >= ID_LEN) ? ID_LEN : length;
+
     if (!HaveUniqueSessionObj(ssl))
         return MEMORY_ERROR;
 
@@ -34856,15 +34858,17 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
         ssl->options.haveSessionId = 1;
 #ifdef WOLFSSL_TLS13
         if (ssl->options.tls1_3) {
+            XMEMSET(ssl->session->sessionID, 0, ID_LEN);
             XMEMCPY(ssl->session->sessionID,
-                                 ssl->session->ticket + length - ID_LEN, ID_LEN);
+                                 ssl->session->ticket + length - sessIdLen, sessIdLen);
             ssl->session->sessionIDSz = ID_LEN;
         }
         else
 #endif
         {
+            XMEMSET(ssl->arrays->sessionID, 0, ID_LEN);
             XMEMCPY(ssl->arrays->sessionID,
-                                 ssl->session->ticket + length - ID_LEN, ID_LEN);
+                                 ssl->session->ticket + length - sessIdLen, sessIdLen);
             ssl->arrays->sessionIDSz = ID_LEN;
         }
     }

From 9a0c18c8fa38a1a9c79ca241068eb09ef70f00a4 Mon Sep 17 00:00:00 2001
From: Kareem <kareem@wolfssl.com>
Date: Tue, 24 Feb 2026 15:19:31 -0700
Subject: [PATCH 2/3] Work around error: enumerated and non-enumerated type in
 conditional expression

---
 src/internal.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 3ad961e013..9352af5bd9 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -34824,7 +34824,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
 #ifdef HAVE_SESSION_TICKET
 int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
 {
-    word32 sessIdLen = (length >= ID_LEN) ? ID_LEN : length;
+    word32 sessIdLen = 0;
 
     if (!HaveUniqueSessionObj(ssl))
         return MEMORY_ERROR;
@@ -34847,6 +34847,10 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
     ssl->session->ticketLen = (word16)length;
 
     if (length > 0) {
+        if (length >= ID_LEN)
+            sessIdLen = ID_LEN;
+        else
+            sessIdLen = length;
         XMEMCPY(ssl->session->ticket, ticket, length);
         if (ssl->session_ticket_cb != NULL) {
             ssl->session_ticket_cb(ssl,

From aaf6aa5acafbc906b085c948480224400dbe5279 Mon Sep 17 00:00:00 2001
From: Kareem <kareem@wolfssl.com>
Date: Thu, 26 Feb 2026 17:09:23 -0700
Subject: [PATCH 3/3] Code review feedback

---
 src/internal.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 425e57a503..74b374d91e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -34817,7 +34817,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
 #ifdef HAVE_SESSION_TICKET
 int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
 {
-    word32 sessIdLen = 0;
+    word32 sessIdLen = ID_LEN;
 
     if (!HaveUniqueSessionObj(ssl))
         return MEMORY_ERROR;
@@ -34840,14 +34840,13 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
     ssl->session->ticketLen = (word16)length;
 
     if (length > 0) {
-        if (length >= ID_LEN)
-            sessIdLen = ID_LEN;
-        else
+        if (length < ID_LEN)
             sessIdLen = length;
         XMEMCPY(ssl->session->ticket, ticket, length);
         if (ssl->session_ticket_cb != NULL) {
             ssl->session_ticket_cb(ssl,
-                                   ssl->session->ticket, ssl->session->ticketLen,
+                                   ssl->session->ticket,
+                                   ssl->session->ticketLen,
                                    ssl->session_ticket_ctx);
         }
         /* Create a fake sessionID based on the ticket, this will
@@ -34857,7 +34856,8 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
         if (ssl->options.tls1_3) {
             XMEMSET(ssl->session->sessionID, 0, ID_LEN);
             XMEMCPY(ssl->session->sessionID,
-                                 ssl->session->ticket + length - sessIdLen, sessIdLen);
+                                 ssl->session->ticket + length - sessIdLen,
+                                 sessIdLen);
             ssl->session->sessionIDSz = ID_LEN;
         }
         else
@@ -34865,7 +34865,8 @@ int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length)
         {
             XMEMSET(ssl->arrays->sessionID, 0, ID_LEN);
             XMEMCPY(ssl->arrays->sessionID,
-                                 ssl->session->ticket + length - sessIdLen, sessIdLen);
+                                 ssl->session->ticket + length - sessIdLen,
+                                 sessIdLen);
             ssl->arrays->sessionIDSz = ID_LEN;
         }
     }