Fix the check_fatal macro
authorMatt Caswell <matt@openssl.org>
Tue, 5 Dec 2017 13:37:26 +0000 (13:37 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 6 Dec 2017 14:56:28 +0000 (14:56 +0000)
The check_fatal macro is supposed to only be called if we are already
expecting to be in the fatal state. The macro asserts that we are and
puts us into the fatal state if not.

This issue combined with the problem fixed in the previous commit meant
that the fuzzer detected a crash at a point in the processing when we
should have already been in the fatal state.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4847)

ssl/statem/statem.c

index 0cacc4a..29660d5 100644 (file)
@@ -135,7 +135,7 @@ void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
 #define check_fatal(s, f) \
     do { \
         if (!ossl_assert((s)->statem.in_init \
-                         || (s)->statem.state != MSG_FLOW_ERROR)) \
+                         && (s)->statem.state == MSG_FLOW_ERROR)) \
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, (f), \
                      SSL_R_MISSING_FATAL); \
     } while (0)