Do not assume that server_group != 0 or tlsext_supportedgroups != NULL - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2020-05-23 08:47:19 +0000
committer	tb <>	2020-05-23 08:47:19 +0000
commit	75a517d36cb6927c5e5e2af71f5bed9d6ac6b884 (patch)
tree	ff8ad2a5ab8226a8d16a168de4c9b55ae8daabcb /src/lib/libssl/ssl_lib.c
parent	b252d4c293dcc14a07d6eff59aab97e224d207b2 (diff)
download	openbsd-75a517d36cb6927c5e5e2af71f5bed9d6ac6b884.tar.gz openbsd-75a517d36cb6927c5e5e2af71f5bed9d6ac6b884.tar.bz2 openbsd-75a517d36cb6927c5e5e2af71f5bed9d6ac6b884.zip

Do not assume that server_group != 0 or tlsext_supportedgroups != NULL

implies that we're dealing with a HRR in the extension handling code. Explicitly check that we're in this situation by inspecting the flag in the handshake context. Add missing error checks and send the appropriate alerts. The hrr flag needs to be unset after parsing the client hello retry to avoid breaking the server hello handling. All this is far from ideal, but better than nothing. The correct fix would likely be to make the message type available but that would need to be part of a more extensive rearchitecture of the extension handling. Discussed at length with jsing

Diffstat (limited to 'src/lib/libssl/ssl_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: