From: Eugene Syromiatnikov Date: Mon, 23 Feb 2026 04:06:18 +0000 (+0100) Subject: ssl/ech/ech_internal.c: check WPACKET_get_total_written in ossl_ech_send_grease X-Git-Tag: openssl-4.0.0-alpha1~113 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3e08902de4bb19862c346dde7969ca907c5d7528;p=thirdparty%2Fopenssl.git ssl/ech/ech_internal.c: check WPACKET_get_total_written in ossl_ech_send_grease Check the result of WPACKET_get_total_written() calls in ossl_ech_send_grease(), as is done elsewhere. Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681451 Fixes: ade10c5dbf20 "ECH client side" Signed-off-by: Eugene Syromiatnikov Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz MergeDate: Wed Feb 25 11:10:42 2026 (Merged from https://github.com/openssl/openssl/pull/30139)
---
diff --git a/ssl/ech/ech_internal.c b/ssl/ech/ech_internal.c
index 3ae7e89a95b..967b6d403c9 100644
--- a/ssl/ech/ech_internal.c
+++ b/ssl/ech/ech_internal.c
@@ -300,7 +300,10 @@ int ossl_ech_send_grease(SSL_CONNECTION *s, WPACKET *pkt)
 unsigned char cipher[OSSL_ECH_MAX_GREASE_CT];
 SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
- WPACKET_get_total_written(pkt, &pp_at_start);
+ if (!WPACKET_get_total_written(pkt, &pp_at_start)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
 /* randomly select cipher_len to be one of 144, 176, 208, 244 */
 if (RAND_bytes_ex(sctx->libctx, &cid, 1, 0) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -345,7 +348,10 @@ int ossl_ech_send_grease(SSL_CONNECTION *s, WPACKET *pkt)
 }
 /* record the ECH sent so we can re-tx same if we hit an HRR */
 OPENSSL_free(s->ext.ech.sent);
- WPACKET_get_total_written(pkt, &pp_at_end);
+ if (!WPACKET_get_total_written(pkt, &pp_at_end)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
 s->ext.ech.sent_len = pp_at_end - pp_at_start;
 s->ext.ech.sent = OPENSSL_malloc(s->ext.ech.sent_len);
 if (s->ext.ech.sent == NULL) {
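Review bot: In the second hunk the new early return comes after `OPENSSL_free(s->ext.ech.sent);`, so if `WPACKET_get_total_written(pkt, &pp_at_end)` fails, `s->ext.ech.sent` still points at freed memory and `sent_len` keeps its old value. Any later code that frees or re-sends that buffer would then hit a dangling pointer; that code is not visible here, but it presumably includes connection teardown and the HRR re-transmit the comment mentions. Either query the length before freeing, or clear the fields at the free: `OPENSSL_free(s->ext.ech.sent); s->ext.ech.sent = NULL; s->ext.ech.sent_len = 0;`. The function body starts and ends outside the hunk, so confirm that no later error path already resets these fields.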