kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Check for nullptr result of SSLKeyShare::Create().

Browse Source 
(Found by fuzzing.)

Change-Id: I5685a8ad1fedeb9535216e277c5a1fb1902d3338
Reviewed-on: https://boringssl-review.googlesource.com/27264
Commit-Queue: Matt Braithwaite <mab@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
Matthew Braithwaite 2018-04-10 15:32:03 -07:00 committed by CQ bot account: commit-bot@chromium.org
parent e2ab21d194
commit 5b2a51de6c
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/ssl_key_share.cc
View File

@ -248,11 +248,11 @@ UniquePtr<SSLKeyShare> SSLKeyShare::Create(uint16_t group_id) {
UniquePtr<SSLKeyShare> SSLKeyShare::Create(CBS *in) { UniquePtr<SSLKeyShare> SSLKeyShare::Create(CBS *in) {
uint64_t group; uint64_t group;
if (!CBS_get_asn1_uint64(in, &group)) { if (!CBS_get_asn1_uint64(in, &group) || group > 0xffff) {
return nullptr; return nullptr;
} }
UniquePtr<SSLKeyShare> key_share = Create(static_cast<uint64_t>(group)); UniquePtr<SSLKeyShare> key_share = Create(static_cast<uint16_t>(group));
if (!key_share->Deserialize(in)) { if (!key_share || !key_share->Deserialize(in)) {
return nullptr; return nullptr;
} }
return key_share; return key_share;