[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Wed Sep 12 12:48:07 UTC 2018


The branch OpenSSL_1_1_1-stable has been updated
       via  5538ba99ab785287ad187909dd71f17040dbc180 (commit)
      from  18ef2dbbd720b6c1f7531e7d0c2ee38075c9f275 (commit)


- Log -----------------------------------------------------------------
commit 5538ba99ab785287ad187909dd71f17040dbc180
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Tue Sep 11 11:44:13 2018 +0200

    Fix a possible recursion in SSLfatal handling
    
    Fixes: #7161 (hopefully)
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7175)
    
    (cherry picked from commit 6839a7a7f4973a3fc2f87b12664c26d524bef1f4)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index d75f9ea..f76c0e4 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -118,11 +118,12 @@ void ossl_statem_set_renegotiate(SSL *s)
 void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
                        int line)
 {
+    ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
     /* We shouldn't call SSLfatal() twice. Once is enough */
-    assert(s->statem.state != MSG_FLOW_ERROR);
+    if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
+      return;
     s->statem.in_init = 1;
     s->statem.state = MSG_FLOW_ERROR;
-    ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
     if (al != SSL_AD_NO_ALERT
             && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
         ssl3_send_alert(s, SSL3_AL_FATAL, al);


More information about the openssl-commits mailing list