[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Tue Mar 27 15:26:06 UTC 2018 

The branch master has been updated
       via  9d5db9c9ab9b9f2f2a5ce9795405e8334cd2ce66 (commit)
      from  53c9818e970fc0c22d77e19fda3b3e6f6c9e759d (commit)


- Log -----------------------------------------------------------------
commit 9d5db9c9ab9b9f2f2a5ce9795405e8334cd2ce66
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Mar 21 20:19:37 2018 +0000

    Assert that alpn_selected is NULL before we assign it
    
    The alpn_selected value in the session should be NULL before we first
    populate it if this is a new session. We assert to make sure it is.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5715)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/extensions_clnt.c | 10 +++++++++-
 ssl/statem/statem_srvr.c     | 12 +++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 5c36004..e4a5b3c 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1679,7 +1679,15 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
         s->ext.early_data_ok = 0;
     }
     if (!s->hit) {
-        /* If a new session then update it with the selected ALPN */
+        /*
+         * This is a new session and so alpn_selected should have been
+         * initialised to NULL. We should update it with the selected ALPN.
+         */
+        if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
         s->session->ext.alpn_selected =
             OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
         if (s->session->ext.alpn_selected == NULL) {
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 4985cdc..1313847 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2100,7 +2100,17 @@ int tls_handle_alpn(SSL *s)
                 s->ext.early_data_ok = 0;
 
                 if (!s->hit) {
-                    /* If a new session update it with the new ALPN value */
+                    /*
+                     * This is a new session and so alpn_selected should have
+                     * been initialised to NULL. We should update it with the
+                     * selected ALPN.
+                     */
+                    if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                                 SSL_F_TLS_HANDLE_ALPN,
+                                 ERR_R_INTERNAL_ERROR);
+                        return 0;
+                    }
                     s->session->ext.alpn_selected = OPENSSL_memdup(selected,
                                                                    selected_len);
                     if (s->session->ext.alpn_selected == NULL) {

More information about the openssl-commits mailing list