kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix race condition in ssl_parse_serverhello_tlsext

Browse Source 
CVE-2014-3509

(Imported from upstream's 92aa73bcbfad44f9dd7997ae51537ac5d7dc201e)

Change-Id: Ibc681897251081ae5ebfea0ff6ca9defd73fe0f5
Reviewed-on: https://boringssl-review.googlesource.com/1441
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
Adam Langley 2014-08-06 17:27:31 -07:00 committed by Adam Langley
parent 0dccfbc6c7
commit 5ba06a7532
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ssl/t1_lib.c
View File

@ -2328,12 +2328,15 @@ static int ssl_scan_serverhello_tlsext(SSL *s, CBS *cbs, int *out_alert)
return 0;
}
if (!CBS_stow(&ec_point_format_list,
&s->session->tlsext_ecpointformatlist,
&s->session->tlsext_ecpointformatlist_length))
if (!s->hit)
{
*out_alert = SSL_AD_INTERNAL_ERROR;
return 0;
if (!CBS_stow(&ec_point_format_list,
&s->session->tlsext_ecpointformatlist,
&s->session->tlsext_ecpointformatlist_length))
{
*out_alert = SSL_AD_INTERNAL_ERROR;
return 0;
}
}
}
#endif /* OPENSSL_NO_EC */