authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-04-17 07:45:54 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-04-17 07:47:42 +0200
commitd31b9604e33deaedaadc44bcbe03db5d51087b8b (patch)
treebe08c2852d61df7803310791fb68051c46b1be32
parent5c805f54b06e86df5ebbd06ec687111697ee4576 (diff)
downloadgnutls-d31b9604e33deaedaadc44bcbe03db5d51087b8b.tar.gz
tls13/finished: addressed memory leak in receiving finished packet
Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7518 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--fuzz/gnutls_psk_server_fuzzer.repro/e40a8cc4e868b450a442d905d914aee402b57a15bin0 -> 437 bytes
-rw-r--r--lib/tls13/finished.c10
2 files changed, 7 insertions, 3 deletions
diff --git a/fuzz/gnutls_psk_server_fuzzer.repro/e40a8cc4e868b450a442d905d914aee402b57a15 b/fuzz/gnutls_psk_server_fuzzer.repro/e40a8cc4e868b450a442d905d914aee402b57a15
new file mode 100644
index 0000000000..2efe90c63b
--- /dev/null
+++ b/fuzz/gnutls_psk_server_fuzzer.repro/e40a8cc4e868b450a442d905d914aee402b57a15
Binary files differ
diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c
index c28d24a19d..bb535fff87 100644
--- a/lib/tls13/finished.c
+++ b/lib/tls13/finished.c
@@ -96,8 +96,11 @@ int _gnutls13_recv_finished(gnutls_session_t session)
_gnutls_handshake_log("HSK[%p]: parsing finished\n", session);
- if (buf.length != hash_size)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ if (buf.length != hash_size) {
+ gnutls_assert();
+ ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ goto cleanup;
+ }
#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
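Review bot: Rerouting these two exits to `cleanup` fixes the reported leak, but any other bare `return` between the call that fills `buf` and the `cleanup` label leaks it the same way, so the part of _gnutls13_recv_finished above this hunk should be checked for remaining direct returns before this is called closed. The `ret` variable the new lines assign, and the `cleanup` label they jump to, are declared outside the hunk and cannot be seen here. I'd add a one-line comment above the length check, `/* every failure after buf is filled must exit via cleanup, or buf leaks */`, so the next edit does not reintroduce a bare return. The function starts and ends outside this hunk.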
@@ -105,7 +108,8 @@ int _gnutls13_recv_finished(gnutls_session_t session)
#else
if (safe_memcmp(verifier, buf.data, buf.length) != 0) {
gnutls_assert();
- return GNUTLS_E_ERROR_IN_FINISHED_PACKET;
+ ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
+ goto cleanup;
}
#endif
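Review bot: On a verifier mismatch the function now exits through `cleanup`, but whether that label also wipes `verifier` — the locally computed Finished value, derived from the handshake keys — cannot be seen from this hunk; if cleanup only releases `buf`, the local copy of the verifier survives a failed handshake. Consider clearing it on every exit with an explicit wipe (`explicit_bzero`-style, or whatever helper the project uses for key material) immediately before the `return` at the cleanup label. The comparison itself looks right: `safe_memcmp` is presumably a constant-time compare, and `buf.length` has already been pinned to `hash_size` by the preceding check, so the compare cannot overrun `verifier` as long as that array holds `hash_size` bytes — confirm against its declaration, which is above the hunk. The `cleanup` label and the end of _gnutls13_recv_finished lie outside this hunk.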