[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Mon Aug 6 13:13:06 UTC 2018
The branch master has been updated
via 1cde025957a598934b838b1de26ae9090659d17f (commit)
from f38edcab594b4934bd9625ef889934b2dfb5d1f0 (commit)
- Log -----------------------------------------------------------------
commit 1cde025957a598934b838b1de26ae9090659d17f
Author: Matt Caswell <matt at openssl.org>
Date: Fri Aug 3 12:02:35 2018 +0100
Ensure we send an alert on error when processing a ticket
In some scenarios the connection could fail without an alert being sent.
This causes a later assertion failure.
Thanks to Quarkslab for reporting this.
Reviewed-by: Andy Polyakov <appro at openssl.org>
Reviewed-by: Ben Kaduk <kaduk at mit.edu>
(Merged from https://github.com/openssl/openssl/pull/6852)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_clnt.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index ad79fef..e846f77 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2647,10 +2647,16 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
PACKET extpkt;
if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
- || PACKET_remaining(pkt) != 0
- || !tls_collect_extensions(s, &extpkt,
- SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
- &exts, NULL, 1)
+ || PACKET_remaining(pkt) != 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR,
+ SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+ SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ if (!tls_collect_extensions(s, &extpkt,
+ SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts,
+ NULL, 1)
|| !tls_parse_all_extensions(s,
SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
exts, NULL, 0, 1)) {
More information about the openssl-commits
mailing list