From e5a3f3051917aebf2d9fd985f559a03fc01a06f3 Mon Sep 17 00:00:00 2001 From: shirleyquirk <31934565+shirleyquirk@users.noreply.github.com> Date: Fri, 16 Apr 2021 13:22:51 +0100 Subject: [PATCH] Fix buffer-overrun bug in net (#17728) [backport:1.0] (cherry picked from commit fdd4391534578d6a5a655eef99ef96e53ff2b4f1) --- changelog.md | 3 +++ lib/pure/net.nim | 7 +++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/changelog.md b/changelog.md index 1de7d3afe9..a6fb4889f2 100644 --- a/changelog.md +++ b/changelog.md @@ -17,6 +17,9 @@ ## Library additions +- Fixed buffer overflow bugs in `net` + +- Added `sections` iterator in `parsecfg`. - Added `browsers.osOpen` const alias for the operating system specific *"open"* command. diff --git a/lib/pure/net.nim b/lib/pure/net.nim index ec0f30ff2b..23fc0b54d8 100644 --- a/lib/pure/net.nim +++ b/lib/pure/net.nim @@ -598,12 +598,11 @@ when defineSsl: let ctx = SslContext(context: ssl.SSL_get_SSL_CTX) let hintString = if hint == nil: "" else: $hint let (identityString, pskString) = (ctx.clientGetPskFunc)(hintString) - if psk.len.cuint > max_psk_len: + if pskString.len.cuint > max_psk_len: return 0 if identityString.len.cuint >= max_identity_len: return 0 - - copyMem(identity, identityString.cstring, pskString.len + 1) # with the last zero byte + copyMem(identity, identityString.cstring, identityString.len + 1) # with the last zero byte copyMem(psk, pskString.cstring, pskString.len) return pskString.len.cuint @@ -624,7 +623,7 @@ when defineSsl: max_psk_len: cint): cuint {.cdecl.} = let ctx = SslContext(context: ssl.SSL_get_SSL_CTX) let pskString = (ctx.serverGetPskFunc)($identity) - if psk.len.cint > max_psk_len: + if pskString.len.cint > max_psk_len: return 0 copyMem(psk, pskString.cstring, pskString.len)
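Review bot: The corrected bounds still compare a narrowed length: `if pskString.len.cuint > max_psk_len:` in the client callback hunk (-598) converts the Nim `int` length before the comparison, while the `copyMem(psk, pskString.cstring, pskString.len)` after it copies the unconverted length. Comparing in the wide type, `if pskString.len > max_psk_len.int:` and `if identityString.len >= max_identity_len.int:`, keeps the check and the copy on the same value; the server callback hunk (-624) has the same shape with `pskString.len.cint > max_psk_len`. The strings come from the application's `clientGetPskFunc`/`serverGetPskFunc`, so this is presumably hardening rather than a reachable overrun. The diffstat lists only `changelog.md` and `lib/pure/net.nim`; a test whose identity is longer than its PSK would pin the `identityString.len + 1` fix. Both callback bodies begin outside their hunks.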