projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4f1b96f) | patch
Don't use OPENSSL_strdup() for copying alpn_selected
authorMatt Caswell <matt@openssl.org>
Mon, 18 Jun 2018 10:30:21 +0000 (11:30 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 21 Jun 2018 10:07:45 +0000 (11:07 +0100)
commit27232cc3385260311e7fd2f6cd78db967cae650d
treec12f2414e34c02a2b8fe8853b7fdb318943bbe3etree | snapshot
parent4f1b96f9fcd2545b42186832ce2354d005ebe468commit | diff
Don't use OPENSSL_strdup() for copying alpn_selected

An alpn_selected value containing NUL bytes in it will result in
ext.alpn_selected_len having a larger value than the number of bytes
allocated in ext.alpn_selected.

Issue found by OSS-fuzz.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6507)
ssl/ssl_asn1.c diff | blob | history
ssl/ssl_sess.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.