[openssl] master update

Dr. Paul Dale pauli at openssl.org
Thu Mar 18 11:19:39 UTC 2021


The branch master has been updated
       via  3de7f014a985637361bdee775f78209300c88aae (commit)
      from  145f12d12dc83c737676883c625c2a95d34251ed (commit)


- Log -----------------------------------------------------------------
commit 3de7f014a985637361bdee775f78209300c88aae
Author: Pauli <ppzgs1 at gmail.com>
Date:   Wed Mar 17 12:00:42 2021 +1000

    ssl: fix coverity 1451515: out of bounds memory access
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14585)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_clnt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index e7917be4fb..666ee43363 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2767,6 +2767,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt)
 
     if (psklen > PSK_MAX_PSK_LEN) {
         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_INTERNAL_ERROR);
+        psklen = PSK_MAX_PSK_LEN;   /* Avoid overrunning the array on cleanse */
         goto err;
     } else if (psklen == 0) {
         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_PSK_IDENTITY_NOT_FOUND);


More information about the openssl-commits mailing list