summaryrefslogtreecommitdiffstats
path: root/ssl/ssl_sess.c
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2018-06-18 11:30:21 +0100
committerMatt Caswell <matt@openssl.org>2018-06-21 11:07:45 +0100
commit27232cc3385260311e7fd2f6cd78db967cae650d (patch)
treec12f2414e34c02a2b8fe8853b7fdb318943bbe3e /ssl/ssl_sess.c
parent4f1b96f9fcd2545b42186832ce2354d005ebe468 (diff)
Don't use OPENSSL_strdup() for copying alpn_selected
An alpn_selected value containing NUL bytes in it will result in ext.alpn_selected_len having a larger value than the number of bytes allocated in ext.alpn_selected. Issue found by OSS-fuzz. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6507)
Diffstat (limited to 'ssl/ssl_sess.c')
-rw-r--r--ssl/ssl_sess.c10
1 files changed, 4 insertions, 6 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 0723765366..fde4187d9c 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -220,13 +220,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
dest->ext.ticklen = 0;
}
- if (src->ext.alpn_selected) {
- dest->ext.alpn_selected =
- (unsigned char*)OPENSSL_strndup((char*)src->ext.alpn_selected,
- src->ext.alpn_selected_len);
- if (dest->ext.alpn_selected == NULL) {
+ if (src->ext.alpn_selected != NULL) {
+ dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
+ src->ext.alpn_selected_len);
+ if (dest->ext.alpn_selected == NULL)
goto err;
- }
}
#ifndef OPENSSL_NO_SRP
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-09 23:29:08 +0000