From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 17 May 2024 01:34:46 +0000 (+0900)
Subject: shuffle_exts: avoid theoretical wrap around of unsigned integer
X-Git-Tag: 3.8.6~9^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d136ff1b906df2e6d21008d8f37537eddbf88a3a;p=thirdparty%2Fgnutls.git

shuffle_exts: avoid theoretical wrap around of unsigned integer

Signed-off-by: Daiki Ueno <ueno@gnu.org>
---

diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index cb407e6eb6..ec685acd1a 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -428,7 +428,7 @@ verify(GNUTLS_EXTENSION_MAX < MAX_EXT_TYPES);
  */
 verify(GNUTLS_EXTENSION_MAX_VALUE - GNUTLS_EXTENSION_MAX >= 16);
 
-/* MAX_EXT_TYPES + 1 must fit in a single byte, to generate random
+/* MAX_EXT_TYPES must fit in a single byte, to generate random
  * permutation at once.
  */
 verify(MAX_EXT_TYPES <= UINT8_MAX);
diff --git a/lib/hello_ext.c b/lib/hello_ext.c
index c941fb7782..40af8c2b10 100644
--- a/lib/hello_ext.c
+++ b/lib/hello_ext.c
@@ -413,7 +413,10 @@ static int shuffle_exts(extensions_t *exts, size_t size)
 
 	assert(size <= MAX_EXT_TYPES);
 
-	/* Generate random permutation, assuming MAX_EXT_TYPES <
+	if (unlikely(size == 0))
+		return 0;
+
+	/* Generate random permutation, assuming MAX_EXT_TYPES <=
 	 * UINT8_MAX.
 	 */
 	ret = gnutls_rnd(GNUTLS_RND_RANDOM, permutation, size);