QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-29 03:04:37 +00:00
Code Issues Projects Releases Wiki Activity

Don't memcpy the contents of an empty fragment

Browse Source 
In DTLS if we have buffered a fragment for a zero length message (e.g.
ServerHelloDone) then, when we unbuffered the fragment, we were attempting
to memcpy the contents of the fragment which is zero length and a NULL
pointer. This is undefined behaviour. We should check first whether we
have a zero length fragment.

Fixes a travis issue.

[extended tests]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6223)
This commit is contained in:
Matt Caswell 2018-05-11 10:28:47 +01:00
parent c82c346226
commit a925e7dbf4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/statem/statem_dtls.c
View File

@ -504,7 +504,7 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len)
/* Calls SSLfatal() as required */
ret = dtls1_preprocess_fragment(s, &frag->msg_header);
if (ret) {
if (ret && frag->msg_header.frag_len > 0) {
unsigned char *p =
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
memcpy(&p[frag->msg_header.frag_off], frag->fragment,