Assert that SSLfatal() only gets called once
authorMatt Caswell <matt@openssl.org>
Thu, 23 Nov 2017 12:33:11 +0000 (12:33 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 4 Dec 2017 13:31:48 +0000 (13:31 +0000)
We shouldn't call SSLfatal() multiple times for the same error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4778)

ssl/statem/statem.c
ssl/statem/statem_clnt.c

index 5c158fa..fe34841 100644 (file)
@@ -11,6 +11,7 @@
 #include <openssl/rand.h>
 #include "../ssl_locl.h"
 #include "statem_locl.h"
+#include <assert.h>
 
 /*
  * This file implements the SSL/TLS/DTLS state machines.
@@ -117,6 +118,8 @@ void ossl_statem_set_renegotiate(SSL *s)
 void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
                        int line)
 {
+    /* We shouldn't call SSLfatal() twice. Once is enough */
+    assert(s->statem.state != MSG_FLOW_ERROR);
     s->statem.in_init = 1;
     s->statem.state = MSG_FLOW_ERROR;
     ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
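Review bot: The `assert()` added at the top of ossl_statem_fatal() is compiled out in builds that define NDEBUG and aborts the whole process where it is not, so it documents the invariant but does not make a second call harmless in a release build, and in a debug build any remaining double-call path becomes a process-wide abort — for a library that is talking to network peers that is worth avoiding. Consider making the function idempotent as well as asserting, e.g. keep the assert and add `if (s->statem.state == MSG_FLOW_ERROR) return;` immediately after it, before `in_init` is set, so a repeated call neither pushes a second error nor overwrites the alert chosen by the first. The rest of ossl_statem_fatal() (whatever follows `ERR_put_error`) is outside the hunk, so check that returning early there does not skip work the first call already performed.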
index 4bd9457..038fac9 100644 (file)
@@ -2938,10 +2938,12 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
     return 1;
  err:
     EVP_PKEY_free(ckey);
-#endif
+    return 0;
+#else
     SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
              ERR_R_INTERNAL_ERROR);
     return 0;
+#endif
 }
 
 static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt)
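Review bot: The new `return 0;` after `EVP_PKEY_free(ckey)` in the DH branch relies on every `goto err` in the body above having already called SSLfatal(), but none of those sites are in the hunk and tls_construct_cke_dhe() starts outside it, so a future `goto err` added without SSLfatal() would fail the handshake with no alert and no error recorded — the silent counterpart of the double call this commit removes. A one-line comment at the label makes that contract visible to the next editor: `/* SSLfatal() already called by whoever jumped here */`. Keeping the explicit SSLfatal() in the `#else` (no-DH) branch is correct, since nothing earlier can have raised it in that build.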