diff options
author | Pauli <ppzgs1@gmail.com> | 2021-03-17 12:00:42 +1000 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2021-03-18 21:21:06 +1000 |
commit | 1136fedc334b574eef6f551be158860fda4199f2 (patch) | |
tree | 7adc207c8f9bf02e5448eedfd9f07f0085724cf1 /ssl | |
parent | 81198bf323ea9deda907714170d329ca7d2ff01f (diff) |
ssl: fix coverity 1451515: out of bounds memory access
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14585)
(cherry picked from commit 3de7f014a985637361bdee775f78209300c88aae)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_clnt.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index d84cc0460f..09fba3d8c0 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2905,6 +2905,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); + psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ goto err; } else if (psklen == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, |