From: Paul Yang
Date: Mon, 9 Oct 2017 09:16:17 +0000 (+0800)
Subject: Fix reading heap overflow in a test case
X-Git-Tag: OpenSSL_1_1_1-pre1~550
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c7558d5be178b89648063fd8a001b7ab29616989;p=oweals%2Fopenssl.git
Fix reading heap overflow in a test case
Caught by AddressSanitizer
Reviewed-by: Ben Kaduk
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/4497)
---
diff --git a/test/sslapitest.c b/test/sslapitest.c
index c1137b08a5..3412aff17f 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1974,15 +1974,16 @@ static int hostname_cb(SSL *s, int *al, void *arg)
 static const char *servalpn;
-static int alpn_select_cb (SSL *ssl, const unsigned char **out, unsigned char *outlen,
- const unsigned char *in, unsigned int inlen, void *arg)
+static int alpn_select_cb(SSL *ssl, const unsigned char **out,
+ unsigned char *outlen, const unsigned char *in,
+ unsigned int inlen, void *arg)
 {
- unsigned int i, protlen = 0;
+ unsigned int protlen = 0;
 const unsigned char *prot;
- for (i = 0, prot = in; i < inlen; i += protlen, prot += protlen) {
- protlen = *(prot++);
- if (inlen - i < protlen)
+ for (prot = in; prot < in + inlen; prot += protlen) {
+ protlen = *prot++;
+ if (in + inlen - prot < protlen)
 return SSL_TLSEXT_ERR_NOACK;
 if (protlen == strlen(servalpn)