Do not assume that server_group != 0 or tlsext_supportedgroups != NULL - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2020-05-23 08:47:19 +0000
committer	tb <>	2020-05-23 08:47:19 +0000
commit	600b8d8760845e0bc65bf4bd057ede30af717a4b (patch)
tree	ff8ad2a5ab8226a8d16a168de4c9b55ae8daabcb /src/usr.bin/openssl/s_server.c
parent	e3b013782277e76aed5bd5e586a0cbab98ef90e7 (diff)
download	openbsd-600b8d8760845e0bc65bf4bd057ede30af717a4b.tar.gz openbsd-600b8d8760845e0bc65bf4bd057ede30af717a4b.tar.bz2 openbsd-600b8d8760845e0bc65bf4bd057ede30af717a4b.zip

Do not assume that server_group != 0 or tlsext_supportedgroups != NULL

implies that we're dealing with a HRR in the extension handling code. Explicitly check that we're in this situation by inspecting the flag in the handshake context. Add missing error checks and send the appropriate alerts. The hrr flag needs to be unset after parsing the client hello retry to avoid breaking the server hello handling. All this is far from ideal, but better than nothing. The correct fix would likely be to make the message type available but that would need to be part of a more extensive rearchitecture of the extension handling. Discussed at length with jsing

Diffstat (limited to 'src/usr.bin/openssl/s_server.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: