set_client_ciphersuite(): Fix for potential UB if session->cipher is NULL

This currently cannot happen without an application overriding
the session with some bogus data so this is an ossl_assert()
check.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22418)
Alexey Fofanov 2023-10-18 14:23:22 +03:00 committed by Tomas Mraz
parent ae9fe65d9f
commit 9890cc42da
1 changed files with 4 additions and 0 deletions


@ -1427,6 +1427,10 @@ static int set_client_ciphersuite(SSL_CONNECTION *s,
if (SSL_CONNECTION_IS_TLS13(s)) {
const EVP_MD *md = ssl_md(sctx, c->algorithm2);
if (!ossl_assert(s->session->cipher != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
/*
* In TLSv1.3 it is valid for the server to select a different
* ciphersuite as long as the hash is the same.
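Review bot: The reason for the new `ossl_assert(s->session->cipher != NULL)` guard in the TLSv1.3 branch is recorded only in the commit message, so a later reader cannot tell why this invariant is checked here. A short comment above it would carry that over, e.g. `/* cipher can only be NULL if the application replaced the session with invalid data */`. The comment could also say that ossl_assert() aborts in debug builds, so the SSLfatal()/`return 0` path is the one release builds take. `s->session` itself is dereferenced unchecked in the same expression; it is presumably guaranteed non-NULL at this point, but the hunk does not show that. set_client_ciphersuite() starts before and continues past this hunk, and the dereference being guarded is not visible in it.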