diff options
author | Alexey Fofanov <avoget@gmail.com> | 2023-10-18 14:23:22 +0300 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-11-13 12:52:43 +0100 |
commit | 9890cc42daff5e2d0cad01ac4bf78c391f599a6e (patch) | |
tree | 8eddee8dfdb5f3fe35238065fbeea551958b2245 /ssl/statem | |
parent | ae9fe65d9f85e027bd7428e0f84aa46ab368880e (diff) | |
download | openssl-9890cc42daff5e2d0cad01ac4bf78c391f599a6e.tar.gz |
set_client_ciphersuite(): Fix for potential UB if session->cipher is NULL
This currently cannot happen without an application overriding
the session with some bogus data so this is an ossl_assert()
check.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22418)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_clnt.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index cbf5a57beb..3b3c51e41c 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1427,6 +1427,10 @@ static int set_client_ciphersuite(SSL_CONNECTION *s, if (SSL_CONNECTION_IS_TLS13(s)) { const EVP_MD *md = ssl_md(sctx, c->algorithm2); + if (!ossl_assert(s->session->cipher != NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; + } /* * In TLSv1.3 it is valid for the server to select a different * ciphersuite as long as the hash is the same. |