summaryrefslogtreecommitdiffstats
path: root/ssl/statem/statem_srvr.c
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2018-08-06 14:02:09 +0100
committerMatt Caswell <matt@openssl.org>2018-08-08 09:58:16 +0100
commitb4f001eb1a9e0bd0fda8f3c7dfbccb6422ad8c47 (patch)
tree892851545ba500599a1bb84d318b4629090bd258 /ssl/statem/statem_srvr.c
parent080769102a0bb41c23f81cf4f4f8060991dd0b8e (diff)
Fix a missing call to SSLfatal
Under certain error conditions a call to SSLfatal could accidently be missed. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6872)
Diffstat (limited to 'ssl/statem/statem_srvr.c')
-rw-r--r--ssl/statem/statem_srvr.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 01b07a9346..eb9070ecc4 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2370,15 +2370,19 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl)
|| !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len)
- || !WPACKET_put_bytes_u8(pkt, compm)
- || !tls_construct_extensions(s, pkt,
- s->hello_retry_request
- == SSL_HRR_PENDING
- ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
- : (SSL_IS_TLS13(s)
- ? SSL_EXT_TLS1_3_SERVER_HELLO
- : SSL_EXT_TLS1_2_SERVER_HELLO),
- NULL, 0)) {
+ || !WPACKET_put_bytes_u8(pkt, compm)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ if (!tls_construct_extensions(s, pkt,
+ s->hello_retry_request == SSL_HRR_PENDING
+ ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+ : (SSL_IS_TLS13(s)
+ ? SSL_EXT_TLS1_3_SERVER_HELLO
+ : SSL_EXT_TLS1_2_SERVER_HELLO),
+ NULL, 0)) {
/* SSLfatal() already called */
return 0;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-12 04:57:55 +0000