From: Matt Caswell <matt@openssl.org>
Date: Wed, 11 Oct 2023 09:45:14 +0000 (+0100)
Subject: Don't fail on a bad dcid in the tranport params when fuzzing
X-Git-Tag: openssl-3.2.0-beta1~51
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b62ac1abfcac4091cdf8e5e4194c9e3bcc6d382d;p=thirdparty%2Fopenssl.git

Don't fail on a bad dcid in the tranport params when fuzzing

We accept a bad original destination connection id in the transport params
while we are fuzzing since this may change every time.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
---

diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index 9e5b841622..ef6ad15087 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -1311,11 +1311,13 @@ static int ch_on_transport_params(const unsigned char *params,
                 goto malformed;
             }
 
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
             /* Must match our initial DCID. */
             if (!ossl_quic_conn_id_eq(&ch->init_dcid, &cid)) {
                 reason = TP_REASON_EXPECTED_VALUE("ORIG_DCID");
                 goto malformed;
             }
+#endif
 
             got_orig_dcid = 1;
             break;