Fix race condition in ssl_parse_serverhello_tlsext CVE-2014-3509 (Imported from upstream's 92aa73bcbfad44f9dd7997ae51537ac5d7dc201e) Change-Id: Ibc681897251081ae5ebfea0ff6ca9defd73fe0f5 Reviewed-on: https://boringssl-review.googlesource.com/1441 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>

commit: 5ba06a75324e33a8381556b98e52f5a3247227d0 [log] [tgz]
author: Adam Langley <agl@chromium.org> Wed Aug 06 17:27:31 2014 -0700
committer: Adam Langley <agl@google.com> Thu Aug 07 21:11:23 2014 +0000
tree: f9eb9eeba3ed7d20a22e38d9489da457939f5d2d
parent: 0dccfbc6c7dda409deb1ce88fd21caf50d4f9bde [diff]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7c52c7e..8e77ef2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -2328,12 +2328,15 @@
 				return 0;
 				}
 
-			if (!CBS_stow(&ec_point_format_list,
-					&s->session->tlsext_ecpointformatlist,
-					&s->session->tlsext_ecpointformatlist_length))
+			if (!s->hit)
 				{
-				*out_alert = SSL_AD_INTERNAL_ERROR;
-				return 0;
+				if (!CBS_stow(&ec_point_format_list,
+						&s->session->tlsext_ecpointformatlist,
+						&s->session->tlsext_ecpointformatlist_length))
+					{
+					*out_alert = SSL_AD_INTERNAL_ERROR;
+					return 0;
+					}
 				}
 			}
 #endif /* OPENSSL_NO_EC */
commit	5ba06a75324e33a8381556b98e52f5a3247227d0	[log] [tgz]
author	Adam Langley <agl@chromium.org>	Wed Aug 06 17:27:31 2014 -0700
committer	Adam Langley <agl@google.com>	Thu Aug 07 21:11:23 2014 +0000
tree	f9eb9eeba3ed7d20a22e38d9489da457939f5d2d
parent	0dccfbc6c7dda409deb1ce88fd21caf50d4f9bde [diff]