ssl: fix coverity 1451515: out of bounds memory access

Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14585) (cherry picked from commit 3de7f014a985637361bdee775f78209300c88aae)
author: Pauli <ppzgs1@gmail.com> 2021-03-17 12:00:42 +1000
committer: Pauli <ppzgs1@gmail.com> 2021-03-18 21:21:06 +1000
commit: 1136fedc334b574eef6f551be158860fda4199f2 (patch)
tree: 7adc207c8f9bf02e5448eedfd9f07f0085724cf1 /ssl/statem/statem_clnt.c
parent: 81198bf323ea9deda907714170d329ca7d2ff01f (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index d84cc0460f..09fba3d8c0 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2905,6 +2905,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt)
     if (psklen > PSK_MAX_PSK_LEN) {
         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
                  SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+        psklen = PSK_MAX_PSK_LEN;   /* Avoid overrunning the array on cleanse */
         goto err;
     } else if (psklen == 0) {
         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
author	Pauli <ppzgs1@gmail.com>	2021-03-17 12:00:42 +1000
committer	Pauli <ppzgs1@gmail.com>	2021-03-18 21:21:06 +1000
commit	1136fedc334b574eef6f551be158860fda4199f2 (patch)
tree	7adc207c8f9bf02e5448eedfd9f07f0085724cf1 /ssl/statem/statem_clnt.c
parent	81198bf323ea9deda907714170d329ca7d2ff01f (diff)