The branch master has been updated via b4f001eb1a9e0bd0fda8f3c7dfbccb6422ad8c47 (commit) from 080769102a0bb41c23f81cf4f4f8060991dd0b8e (commit)
- Log ----------------------------------------------------------------- commit b4f001eb1a9e0bd0fda8f3c7dfbccb6422ad8c47 Author: Matt Caswell <m...@openssl.org> Date: Mon Aug 6 14:02:09 2018 +0100 Fix a missing call to SSLfatal Under certain error conditions a call to SSLfatal could accidently be missed. Reviewed-by: Ben Kaduk <ka...@mit.edu> Reviewed-by: Andy Polyakov <ap...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6872) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_srvr.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 01b07a9..eb9070e 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2370,15 +2370,19 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl) || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len) - || !WPACKET_put_bytes_u8(pkt, compm) - || !tls_construct_extensions(s, pkt, - s->hello_retry_request - == SSL_HRR_PENDING - ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST - : (SSL_IS_TLS13(s) - ? SSL_EXT_TLS1_3_SERVER_HELLO - : SSL_EXT_TLS1_2_SERVER_HELLO), - NULL, 0)) { + || !WPACKET_put_bytes_u8(pkt, compm)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if (!tls_construct_extensions(s, pkt, + s->hello_retry_request == SSL_HRR_PENDING + ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST + : (SSL_IS_TLS13(s) + ? SSL_EXT_TLS1_3_SERVER_HELLO + : SSL_EXT_TLS1_2_SERVER_HELLO), + NULL, 0)) { /* SSLfatal() already called */ return 0; } _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits