Fix out-of-bounds access in tables[][] that was exposed in bluhm's

regress on i386 after inoguchi moved some symbols to const. ok inoguchi jsing deraadt
author: tb <> 2020-05-04 14:20:36 +0000
committer: tb <> 2020-05-04 14:20:36 +0000
commit: 8b8f4425fc0851a2c66a95a7cb36b974dcd60b64 (patch)
tree: c45efe8d6ff1d0f1610e38d37ca5337248a9962c
parent: 7a3a8eb5b74aad740ccb6e2e651923eca93ed061 (diff)
download: openbsd-8b8f4425fc0851a2c66a95a7cb36b974dcd60b64.tar.gz
openbsd-8b8f4425fc0851a2c66a95a7cb36b974dcd60b64.tar.bz2
openbsd-8b8f4425fc0851a2c66a95a7cb36b974dcd60b64.zip
1 files changed, 8 insertions, 6 deletions
diff --git a/src/regress/lib/libssl/handshake/handshake_table.c b/src/regress/lib/libssl/handshake/handshake_table.c
index a8c68970db..2728dd84a1 100644
--- a/src/regress/lib/libssl/handshake/handshake_table.c
+++ b/src/regress/lib/libssl/handshake/handshake_table.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: handshake_table.c,v 1.13 2020/04/22 17:05:53 jsing Exp $      */
+/*      $OpenBSD: handshake_table.c,v 1.14 2020/05/04 14:20:36 tb Exp $ */
 /*
 * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
 *
@@ -21,6 +21,8 @@
 #include <stdlib.h>
 #include <unistd.h>
+#define MAX_FLAGS (UINT8_MAX + 1)
 #include "tls13_handshake.h"
 /*
@@ -134,7 +136,7 @@ static struct child stateinfo[][TLS13_NUM_MESSAGE_TYPES] = {
 const size_t     stateinfo_count = sizeof(stateinfo) / sizeof(stateinfo[0]);
 void             build_table(enum tls13_message_type
-                     table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES],
+                     table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
                     struct child current, struct child end,
                     struct child path[], uint8_t flags, unsigned int depth);
 size_t           count_handshakes(void);
@@ -152,7 +154,7 @@ void		 fprint_flags(FILE *stream, uint8_t flags);
 const char      *mt2str(enum tls13_message_type mt);
 __dead void      usage(void);
 int              verify_table(enum tls13_message_type
-                     table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES], int print);
+                     table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print);
 const char *
 flag2str(uint8_t flag)
@@ -370,7 +372,7 @@ count_handshakes(void)
 }
 void
-build_table(enum tls13_message_type table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES],
+build_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
    struct child current, struct child end, struct child path[], uint8_t flags,
    unsigned int depth)
 {
@@ -409,7 +411,7 @@ build_table(enum tls13_message_type table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES],
 }
 int
-verify_table(enum tls13_message_type table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES],
+verify_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
    int print)
 {
        int     success = 1, i;
@@ -458,7 +460,7 @@ int
 main(int argc, char *argv[])
 {
        static enum tls13_message_type
-            hs_table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES] = {
+            hs_table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES] = {
                [INITIAL] = {
                        CLIENT_HELLO,
                        SERVER_HELLO_RETRY_REQUEST,
author	tb <>	2020-05-04 14:20:36 +0000
committer	tb <>	2020-05-04 14:20:36 +0000
commit	8b8f4425fc0851a2c66a95a7cb36b974dcd60b64 (patch)
tree	c45efe8d6ff1d0f1610e38d37ca5337248a9962c
parent	7a3a8eb5b74aad740ccb6e2e651923eca93ed061 (diff)
download	openbsd-8b8f4425fc0851a2c66a95a7cb36b974dcd60b64.tar.gz openbsd-8b8f4425fc0851a2c66a95a7cb36b974dcd60b64.tar.bz2 openbsd-8b8f4425fc0851a2c66a95a7cb36b974dcd60b64.zip