Fix race condition in ssl_parse_serverhello_tlsext
CVE-2014-3509
(Imported from upstream's 92aa73bcbfad44f9dd7997ae51537ac5d7dc201e)
Change-Id: Ibc681897251081ae5ebfea0ff6ca9defd73fe0f5
Reviewed-on: https://boringssl-review.googlesource.com/1441
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7c52c7e..8e77ef2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2328,12 +2328,15 @@
return 0;
}
- if (!CBS_stow(&ec_point_format_list,
- &s->session->tlsext_ecpointformatlist,
- &s->session->tlsext_ecpointformatlist_length))
+ if (!s->hit)
{
- *out_alert = SSL_AD_INTERNAL_ERROR;
- return 0;
+ if (!CBS_stow(&ec_point_format_list,
+ &s->session->tlsext_ecpointformatlist,
+ &s->session->tlsext_ecpointformatlist_length))
+ {
+ *out_alert = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
}
}
#endif /* OPENSSL_NO_EC */
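Review bot: The new `if (!s->hit)` guard around the `CBS_stow` call has no comment explaining why the stow is skipped on a resumed session, and that reason is the entire security fix. Going by the commit title, the write to `s->session->tlsext_ecpointformatlist` was the race: presumably a resumed session object can be shared between connections, so replacing the list in one handshake can race with another connection still reading it. I would add above the guard `/* On resumption s->session may be shared with other connections and must not be modified (CVE-2014-3509). */`. On a resumed handshake the list the server sends is now discarded and the one already stored in the session is kept, which looks intended but deserves a mention in the same comment. The enclosing function starts and ends outside the hunk.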