The branch master has been updated
via 1cde025957a598934b838b1de26ae9090659d17f (commit)
from f38edcab594b4934bd9625ef889934b2dfb5d1f0 (commit)
- Log -----------------------------------------------------------------
commit 1cde025957a598934b838b1de26ae9090659d17f
Author: Matt Caswell <[email protected]>
Date: Fri Aug 3 12:02:35 2018 +0100
Ensure we send an alert on error when processing a ticket
In some scenarios the connection could fail without an alert being sent.
This causes a later assertion failure.
Thanks to Quarkslab for reporting this.
Reviewed-by: Andy Polyakov <[email protected]>
Reviewed-by: Ben Kaduk <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/6852)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_clnt.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index ad79fef..e846f77 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2647,10 +2647,16 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL
*s, PACKET *pkt)
PACKET extpkt;
if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
- || PACKET_remaining(pkt) != 0
- || !tls_collect_extensions(s, &extpkt,
- SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
- &exts, NULL, 1)
+ || PACKET_remaining(pkt) != 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR,
+ SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+ SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ if (!tls_collect_extensions(s, &extpkt,
+ SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts,
+ NULL, 1)
|| !tls_parse_all_extensions(s,
SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
exts, NULL, 0, 1)) {
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
