Fix race condition in ssl_parse_serverhello_tlsext

author Gabor Tyukasz <Gabor.Tyukasz@logmein.com>

Wed, 23 Jul 2014 21:42:06 +0000 (23:42 +0200)

committer Matt Caswell <matt@openssl.org>

Wed, 6 Aug 2014 19:36:41 +0000 (20:36 +0100)
author Gabor Tyukasz <Gabor.Tyukasz@logmein.com>
Wed, 23 Jul 2014 21:42:06 +0000 (23:42 +0200)
committer Matt Caswell <matt@openssl.org>
Wed, 6 Aug 2014 19:36:41 +0000 (20:36 +0100)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 4374d6aadd3d5b0804d13d338b27408d8102e8b5..749d88d1a9d9a6faa535437c236104497f0d1a66 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2647,15 +2647,18 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
                                 *al = TLS1_AD_DECODE_ERROR;
                                 return 0;
                                 }
-                       s->session->tlsext_ecpointformatlist_length = 0;
-                       if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
-                       if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+                       if (!s->hit)
                                 {
-                               *al = TLS1_AD_INTERNAL_ERROR;
-                               return 0;
+                               s->session->tlsext_ecpointformatlist_length = 0;
+                               if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
+                               if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+                                       {
+                                       *al = TLS1_AD_INTERNAL_ERROR;
+                                       return 0;
+                                       }
+                               s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
+                               memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
                                 }
-                       s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
-                       memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
  #if 0
                         fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
                         sdata = s->session->tlsext_ecpointformatlist;
author	Gabor Tyukasz <Gabor.Tyukasz@logmein.com>
	Wed, 23 Jul 2014 21:42:06 +0000 (23:42 +0200)
committer	Matt Caswell <matt@openssl.org>
	Wed, 6 Aug 2014 19:36:41 +0000 (20:36 +0100)