Fix the check_fatal macro
author Matt Caswell <matt@openssl.org>
Tue, 5 Dec 2017 13:37:26 +0000 (13:37 +0000)
committer Matt Caswell <matt@openssl.org>
Wed, 6 Dec 2017 14:56:28 +0000 (14:56 +0000)
The check_fatal macro is supposed to only be called if we are already
expecting to be in the fatal state. The macro asserts that we are and
puts us into the fatal state if not.

This issue combined with the problem fixed in the previous commit meant
that the fuzzer detected a crash at a point in the processing when we
should have already been in the fatal state.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4847)

ssl/statem/statem.c

index 0cacc4acb73d703e5a78b5714dcbf06701b8ffd1..29660d59c422d811576bd8d3f546158d09f81403 100644 (file)
@@ -135,7 +135,7 @@ void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
 #define check_fatal(s, f) \
     do { \
         if (!ossl_assert((s)->statem.in_init \
 #define check_fatal(s, f) \
     do { \
         if (!ossl_assert((s)->statem.in_init \
-                         || (s)->statem.state != MSG_FLOW_ERROR)) \
+                         && (s)->statem.state == MSG_FLOW_ERROR)) \
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, (f), \
                      SSL_R_MISSING_FATAL); \
     } while (0)
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, (f), \
                      SSL_R_MISSING_FATAL); \
     } while (0)
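
Review bot: the invariant on the changed line is not documented anywhere in the macro, and the commit message explains only half of it. The new test requires both `(s)->statem.in_init` and `(s)->statem.state == MSG_FLOW_ERROR`, while the message talks only about being in the fatal state, so a reader cannot tell from this change why `in_init` must also hold. The removed test (`||` with `!= MSG_FLOW_ERROR`) passed the assert whenever `in_init` was set or the state was anything other than the error state, which is the opposite of the stated intent and the kind of inversion that is easy to miss in a multi-line macro. Please add a short comment above `check_fatal` saying that it may only be used at points where the state machine is expected to already be in `MSG_FLOW_ERROR`, and that it calls `SSLfatal` with `SSL_R_MISSING_FATAL` when that is not the case. Since the message says a fuzzer found the resulting crash, it would also help to say whether that input is now covered by a test.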