[openssl/openssl] ef9ac2: test/bad_dtls_test.c: Add checks for the EVP_MD_CT...
JiashengJiang
noreply at github.com
Mon Apr 1 17:59:34 UTC 2024
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: ef9ac2f9b8b648406424c7c002fb94b0fae0434a
https://github.com/openssl/openssl/commit/ef9ac2f9b8b648406424c7c002fb94b0fae0434a
Author: Jiasheng Jiang <jiasheng at purdue.edu>
Date: 2024-04-01 (Mon, 01 Apr 2024)
Changed paths:
M test/bad_dtls_test.c
Log Message:
-----------
test/bad_dtls_test.c: Add checks for the EVP_MD_CTX_get_size()
Add the check for the EVP_MD_CTX_get_size() to avoid integer overflow when it is implicitly casted from int to size_t in evp_pkey_ctx_store_cached_data().
The call path is do_PRF() -> EVP_PKEY_CTX_add1_tls1_prf_seed() -> evp_pkey_ctx_set1_octet_string() -> EVP_PKEY_CTX_ctrl() -> evp_pkey_ctx_store_cached_data().
Fixes: 16938284cf ("Add basic test for Cisco DTLS1_BAD_VER and record replay handling")
Signed-off-by: Jiasheng Jiang <jiasheng at purdue.edu>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23952)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list