From: Bernd Edlinger Date: Tue, 11 Sep 2018 09:44:13 +0000 (+0200) Subject: Fix a possible recursion in SSLfatal handling X-Git-Tag: OpenSSL_1_1_1a~163 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5538ba99ab785287ad187909dd71f17040dbc180;p=oweals%2Fopenssl.git Fix a possible recursion in SSLfatal handling Fixes: #7161 (hopefully) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7175) (cherry picked from commit 6839a7a7f4973a3fc2f87b12664c26d524bef1f4) --- diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index d75f9ea036..f76c0e4803 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -118,11 +118,12 @@ void ossl_statem_set_renegotiate(SSL *s) void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file, int line) { + ERR_put_error(ERR_LIB_SSL, func, reason, file, line); /* We shouldn't call SSLfatal() twice. Once is enough */ - assert(s->statem.state != MSG_FLOW_ERROR); + if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR) + return; s->statem.in_init = 1; s->statem.state = MSG_FLOW_ERROR; - ERR_put_error(ERR_LIB_SSL, func, reason, file, line); if (al != SSL_AD_NO_ALERT && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID) ssl3_send_alert(s, SSL3_AL_FATAL, al);