Avoid potential NULL dereference when parsing a server keyshare extension. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2020-02-16 16:36:40 +0000
committer	jsing <>	2020-02-16 16:36:40 +0000
commit	812ad337c921f61f8cec442544044558353e499b (patch)
tree	5ad7d065edd1539e670f2b19b2c2833d83e60d0c /src/lib/libssl/tls13_buffer.c
parent	fa0b5b94cc25e2b4dd64fd2788b5be80ec542d59 (diff)
download	openbsd-812ad337c921f61f8cec442544044558353e499b.tar.gz openbsd-812ad337c921f61f8cec442544044558353e499b.tar.bz2 openbsd-812ad337c921f61f8cec442544044558353e499b.zip

Avoid potential NULL dereference when parsing a server keyshare extension.

It is currently possible for key_share to be NULL when a TLS client receives a keyshare extension. However, for this to occur the client has to be doing TLS 1.2 or earlier, which means that it was invalid for the server to send the extension. As such, check for NULL and treat it as an invalid extension. Found by oss-fuzz (#20741 and #20745). ok inoguchi@ tb@

Diffstat (limited to 'src/lib/libssl/tls13_buffer.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: