From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Fri, 24 Oct 2025 19:49:58 +0000 (+0800)
Subject: vtls: check final cfilter node in find_ssl_filter
X-Git-Tag: curl-8_17_0~19
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0d5e24281dc7b49c396fda0d61126a05916fdda1;p=thirdparty%2Fcurl.git

vtls: check final cfilter node in find_ssl_filter

find_ssl_filter used while(cf && cf->next) and skipped the last node.
If the SSL filter was last, channel binding lookup failed and we returned
CURLE_BAD_FUNCTION_ARGUMENT. Switch to while(cf) so the tail is examined.

This bug was found with ZeroPath.

Closes #19229
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f1c9e8bbd6..764d829325 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -5684,10 +5684,8 @@ static CURLcode ossl_get_channel_binding(struct Curl_easy *data, int sockindex,
       break;
     }
 
-    if(cf->next)
-      cf = cf->next;
-
-  } while(cf->next);
+    cf = cf->next;
+  } while(cf);
 
   if(!octx) {
     failf(data, "Failed to find the SSL filter");