Fix the check_fatal macro

The check_fatal macro is supposed to only be called if we are already expecting to be in the fatal state. The macro asserts that we are and puts us into the fatal state if not. This issue combined with the problem fixed in the previous commit meant that the fuzzer detected a crash at a point in the processing when we should have already been in the fatal state. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4847)

Fix the check_fatal macro
The check_fatal macro is supposed to only be called if we are already expecting to be in the fatal state. The macro asserts that we are and puts us into the fatal state if not. This issue combined with the problem fixed in the previous commit meant that the fuzzer detected a crash at a point in the processing when we should have already been in the fatal state. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4847)
e1dd8fa0 · Matt Caswell · 2894e9cb · e1dd8fa0
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/statem/statem.c ssl/statem/statem.c +1 -1

未找到文件。
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -135,7 +135,7 @@ void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
 #define check_fatal(s, f) \
    do { \
        if (!ossl_assert((s)->statem.in_init \
-                         || (s)->statem.state != MSG_FLOW_ERROR)) \
+                         && (s)->statem.state == MSG_FLOW_ERROR)) \
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, (f), \
                     SSL_R_MISSING_FATAL); \
    } while (0)