]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
projects / thirdparty / gnutls.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f979aa3)
lib: fix a potential segfault in _gnutls13_recv_finished
authorXin Long <lucien.xin@gmail.com>
Thu, 1 Feb 2024 22:21:05 +0000 (17:21 -0500)
committerXin Long <lucien.xin@gmail.com>
Tue, 13 Feb 2024 22:17:12 +0000 (17:17 -0500)
In _gnutls13_recv_finished(), 'buf' is not initialized or set when
_gnutls13_compute_finished() returns an err, and goto cleanup may
cause a segfault crash as it frees the uninitialized buf.allocd in
_gnutls_buffer_clear().

So fix it by return if _gnutls13_compute_finished() returns an err
in _gnutls13_recv_finished().

Signed-off-by: Xin Long <lucien.xin@gmail.com>
lib/tls13/finished.c patch | blob | blame | history

diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c
index 91e940702d3405f675d56098140c100f7bbd6d39..422e7d3fea0826d3c108f0e19c08a3d472f54f35 100644 (file)
--- a/lib/tls13/finished.c
+++ b/lib/tls13/finished.c
@@ -82,10 +82,8 @@ int _gnutls13_recv_finished(gnutls_session_t session)
        ret = _gnutls13_compute_finished(
                session->security_parameters.prf, base_key,
                &session->internals.handshake_hash_buffer, verifier);
-       if (ret < 0) {
-               gnutls_assert();
-               goto cleanup;
-       }
+       if (ret < 0)
+               return gnutls_assert_val(ret);
 
        ret = _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_FINISHED, 0,
                                     &buf);
Mirror of https://gitlab.com/gnutls/gnutls.git