diff options
author | Matt Caswell <matt@openssl.org> | 2018-03-21 20:19:37 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-03-27 16:19:17 +0100 |
commit | 9d5db9c9ab9b9f2f2a5ce9795405e8334cd2ce66 (patch) | |
tree | 774ec2fae08e9a38d96260763d38de5e19b97f90 | |
parent | 53c9818e970fc0c22d77e19fda3b3e6f6c9e759d (diff) |
Assert that alpn_selected is NULL before we assign it
The alpn_selected value in the session should be NULL before we first
populate it if this is a new session. We assert to make sure it is.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5715)
-rw-r--r-- | ssl/statem/extensions_clnt.c | 10 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 12 |
2 files changed, 20 insertions, 2 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 5c360042ae..e4a5b3cddc 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1679,7 +1679,15 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->ext.early_data_ok = 0; } if (!s->hit) { - /* If a new session then update it with the selected ALPN */ + /* + * This is a new session and so alpn_selected should have been + * initialised to NULL. We should update it with the selected ALPN. + */ + if (!ossl_assert(s->session->ext.alpn_selected == NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; + } s->session->ext.alpn_selected = OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 4985cdc702..1313847cbf 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2100,7 +2100,17 @@ int tls_handle_alpn(SSL *s) s->ext.early_data_ok = 0; if (!s->hit) { - /* If a new session update it with the new ALPN value */ + /* + * This is a new session and so alpn_selected should have + * been initialised to NULL. We should update it with the + * selected ALPN. + */ + if (!ossl_assert(s->session->ext.alpn_selected == NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_HANDLE_ALPN, + ERR_R_INTERNAL_ERROR); + return 0; + } s->session->ext.alpn_selected = OPENSSL_memdup(selected, selected_len); if (s->session->ext.alpn_selected == NULL) { |