Fix bug in TLSv1.3 PSK processing

The recent SSL error overhaul left a case where an error occurs but SSLfatal() is not called. Credit to OSSfuzz for finding this issue. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4847)

Fix bug in TLSv1.3 PSK processing
The recent SSL error overhaul left a case where an error occurs but SSLfatal() is not called. Credit to OSSfuzz for finding this issue. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4847)
2894e9cb · Matt Caswell · 723a7c5a · 2894e9cb
隐藏空白更改
内联并排

Showing with 8 addition and 5 deletion

ssl/statem/extensions_srvr.c ssl/statem/extensions_srvr.c +8 -5

未找到文件。
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -850,11 +850,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
        }
    }

-    if (PACKET_remaining(&binder) != hashsize
-            || tls_psk_do_binder(s, md,
-                                 (const unsigned char *)s->init_buf->data,
-                                 binderoffset, PACKET_data(&binder), NULL,
-                                 sess, 0, ext) != 1) {
+    if (PACKET_remaining(&binder) != hashsize) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+    if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data,
+                          binderoffset, PACKET_data(&binder), NULL, sess, 0,
+                          ext) != 1) {
        /* SSLfatal() already called */
        goto err;
    }