The branch master has been updated via 9d5db9c9ab9b9f2f2a5ce9795405e8334cd2ce66 (commit) from 53c9818e970fc0c22d77e19fda3b3e6f6c9e759d (commit)
- Log ----------------------------------------------------------------- commit 9d5db9c9ab9b9f2f2a5ce9795405e8334cd2ce66 Author: Matt Caswell <m...@openssl.org> Date: Wed Mar 21 20:19:37 2018 +0000 Assert that alpn_selected is NULL before we assign it The alpn_selected value in the session should be NULL before we first populate it if this is a new session. We assert to make sure it is. Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5715) ----------------------------------------------------------------------- Summary of changes: ssl/statem/extensions_clnt.c | 10 +++++++++- ssl/statem/statem_srvr.c | 12 +++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 5c36004..e4a5b3c 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1679,7 +1679,15 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->ext.early_data_ok = 0; } if (!s->hit) { - /* If a new session then update it with the selected ALPN */ + /* + * This is a new session and so alpn_selected should have been + * initialised to NULL. We should update it with the selected ALPN. + */ + if (!ossl_assert(s->session->ext.alpn_selected == NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; + } s->session->ext.alpn_selected = OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 4985cdc..1313847 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2100,7 +2100,17 @@ int tls_handle_alpn(SSL *s) s->ext.early_data_ok = 0; if (!s->hit) { - /* If a new session update it with the new ALPN value */ + /* + * This is a new session and so alpn_selected should have + * been initialised to NULL. We should update it with the + * selected ALPN. + */ + if (!ossl_assert(s->session->ext.alpn_selected == NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_HANDLE_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; + } s->session->ext.alpn_selected = OPENSSL_memdup(selected, selected_len); if (s->session->ext.alpn_selected == NULL) { _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits