From 460f8be5c360d203bab35f98b05092261d9701b0 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 10 May 2020 14:07:01 +0000 Subject: Only reset TLS extension state when parsing client hello or server hello. With TLSv1.3 we end up parsing extensions from more than just these two messages. This can result in variables (like the selected alpn) being freed when things still need them. ok tb@ --- src/lib/libssl/ssl_tlsext.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index bc122686c9..65e53f93be 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.65 2020/05/09 15:05:50 beck Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.66 2020/05/10 14:07:01 jsing Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -2061,8 +2061,9 @@ tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type) int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type) { - /* XXX - this possibly should be done by the caller... */ - tlsext_server_reset_state(s); + /* XXX - this should be done by the caller... */ + if (msg_type == SSL_TLSEXT_MSG_CH) + tlsext_server_reset_state(s); return tlsext_parse(s, cbs, alert, 1, msg_type); } @@ -2084,8 +2085,9 @@ tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type) int tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type) { - /* XXX - this possibly should be done by the caller... */ - tlsext_client_reset_state(s); + /* XXX - this should be done by the caller... */ + if (msg_type == SSL_TLSEXT_MSG_SH) + tlsext_client_reset_state(s); return tlsext_parse(s, cbs, alert, 0, msg_type); } -- cgit v1.2.3-55-g6feb