Fix race condition in ssl_parse_serverhello_tlsext

CVE-2014-3509

(Imported from upstream's 92aa73bcbfad44f9dd7997ae51537ac5d7dc201e)

Change-Id: Ibc681897251081ae5ebfea0ff6ca9defd73fe0f5
Reviewed-on: https://boringssl-review.googlesource.com/1441
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
Adam Langley 2014-08-06 17:27:31 -07:00 committed by Adam Langley
parent 0dccfbc6c7
commit 5ba06a7532


@ -2328,6 +2328,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, CBS *cbs, int *out_alert)
return 0;
}
if (!s->hit)
{
if (!CBS_stow(&ec_point_format_list,
&s->session->tlsext_ecpointformatlist,
&s->session->tlsext_ecpointformatlist_length))
@ -2336,6 +2338,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, CBS *cbs, int *out_alert)
return 0;
}
}
}
#endif /* OPENSSL_NO_EC */
else if (type == TLSEXT_TYPE_session_ticket)
{
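Review bot: The new `if (!s->hit)` guard around the `CBS_stow` call has no comment saying why the point-format list is stored only when the session is not being resumed, so a later cleanup could drop it as redundant. Going by the commit title, the reason is presumably that a resumed `s->session` can be shared with other connections, so writing `tlsext_ecpointformatlist` and its length there would race. I would add above the guard `/* A resumed session may be shared between connections; only write to s->session on a full handshake. */`. The body of ssl_scan_serverhello_tlsext starts and continues outside these hunks, so any other stores into `s->session` in the remaining extension branches should be checked against the same rule.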