[openssl-commits] [openssl] master update
bernd.edlinger at hotmail.de
bernd.edlinger at hotmail.de
Mon Jul 3 14:35:47 UTC 2017
The branch master has been updated
via b43c37658600300de485100185eebec8bfa3dbcf (commit)
via c31ad0bbf8415a691dd833b29e5be66f7c4aba42 (commit)
from 4d89bf448490e7c77743f53bfbefbaddee9b275e (commit)
- Log -----------------------------------------------------------------
commit b43c37658600300de485100185eebec8bfa3dbcf
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Wed Jun 14 20:25:52 2017 +0200
Fix potential crash in tls_construct_finished.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3667)
commit c31ad0bbf8415a691dd833b29e5be66f7c4aba42
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Tue Jun 13 07:25:43 2017 +0200
Fix a crash in tls_construct_client_certificate.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3667)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_clnt.c | 7 ++++++-
ssl/statem/statem_lib.c | 7 ++++++-
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 7ab30bd..53aa1dc 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3320,7 +3320,12 @@ int tls_construct_client_certificate(SSL *s, WPACKET *pkt)
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {
SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE,
SSL_R_CANNOT_CHANGE_CIPHER);
- goto err;
+ /*
+ * This is a fatal error, which leaves
+ * enc_write_ctx in an inconsistent state
+ * and thus ssl3_send_alert may crash.
+ */
+ return 0;
}
return 1;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 5cd17f2..933f18e 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -501,7 +501,12 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
&& (!s->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {
SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, SSL_R_CANNOT_CHANGE_CIPHER);
- goto err;
+ /*
+ * This is a fatal error, which leaves
+ * enc_write_ctx in an inconsistent state
+ * and thus ssl3_send_alert may crash.
+ */
+ return 0;
}
if (s->server) {
More information about the openssl-commits
mailing list