From c7558d5be178b89648063fd8a001b7ab29616989 Mon Sep 17 00:00:00 2001
From: Paul Yang
Date: Mon, 9 Oct 2017 17:16:17 +0800
Subject: [PATCH] Fix reading heap overflow in a test case
Caught by AddressSanitizer
Reviewed-by: Ben Kaduk
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/4497)
---
 test/sslapitest.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/test/sslapitest.c b/test/sslapitest.c
index c1137b08a5..3412aff17f 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1974,15 +1974,16 @@ static int hostname_cb(SSL *s, int *al, void *arg)
 static const char *servalpn;
-static int alpn_select_cb (SSL *ssl, const unsigned char **out, unsigned char *outlen,
- const unsigned char *in, unsigned int inlen, void *arg)
+static int alpn_select_cb(SSL *ssl, const unsigned char **out,
+ unsigned char *outlen, const unsigned char *in,
+ unsigned int inlen, void *arg)
 {
- unsigned int i, protlen = 0;
+ unsigned int protlen = 0;
 const unsigned char *prot;
- for (i = 0, prot = in; i < inlen; i += protlen, prot += protlen) {
- protlen = *(prot++);
- if (inlen - i < protlen)
+ for (prot = in; prot < in + inlen; prot += protlen) {
+ protlen = *prot++;
+ if (in + inlen - prot < protlen)
 return SSL_TLSEXT_ERR_NOACK;
 if (protlen == strlen(servalpn)
-- 
2.25.1
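Review bot: The new bound check `if (in + inlen - prot < protlen)` compares a signed `ptrdiff_t` with an `unsigned int`, so it is only correct because the loop condition guarantees `prot <= in + inlen` once the length byte has been consumed. That invariant holds in the lines shown, but it is implicit, and on targets where `ptrdiff_t` is no wider than `unsigned int` the left side is converted to unsigned. I would spell it out as `if ((size_t)(in + inlen - prot) < protlen)` and put a comment above the loop, e.g. `/* in is a list of length-prefixed names; check each length against the bytes remaining before touching the name */`. A zero-length entry is skipped rather than rejected; the loop still terminates because the length byte itself advances `prot`, but a short comment saying this is intended would help anyone who copies the callback out of the test. The body of `alpn_select_cb` continues past the end of the hunk, so the comparison against `servalpn` is not reviewed here.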