author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-04-07 21:27:27 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-04-07 21:29:11 +0200 |
commit | 2242f125aa6f31de93fdd0342acf35f75ea89241 (patch) | |
tree | ddfd237a319e7895d9e9c7c9d45744e1aa1187b8 | |
parent | edef58b8dd4a7ad30c10ec550a943deff65cacc2 (diff) | |
download | gnutls-2242f125aa6f31de93fdd0342acf35f75ea89241.tar.gz |
ext/psk_ke_modes: corrected data access
That also improves the if-checks.
Issue and reproducer discovered via oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7470
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | fuzz/gnutls_psk_server_fuzzer.repro/d757b818210bcaec5e297cdb5e30cee9059f9bc3 | bin | 0 -> 419 bytes | |||
-rw-r--r-- | lib/ext/psk_ke_modes.c | 3 |
2 files changed, 2 insertions, 1 deletions
diff --git a/fuzz/gnutls_psk_server_fuzzer.repro/d757b818210bcaec5e297cdb5e30cee9059f9bc3 b/fuzz/gnutls_psk_server_fuzzer.repro/d757b818210bcaec5e297cdb5e30cee9059f9bc3 Binary files differnew file mode 100644 index 0000000000..8cc62c101e --- /dev/null +++ b/fuzz/gnutls_psk_server_fuzzer.repro/d757b818210bcaec5e297cdb5e30cee9059f9bc3 diff --git a/lib/ext/psk_ke_modes.c b/lib/ext/psk_ke_modes.c index c6aef3bda8..afcbcb8ce1 100644 --- a/lib/ext/psk_ke_modes.c +++ b/lib/ext/psk_ke_modes.c @@ -139,9 +139,10 @@ psk_ke_modes_recv_params(gnutls_session_t session, return gnutls_assert_val(0); for (i=0;i<ke_modes_len;i++) { + DECR_LEN(len, 1); if (data[i] == PSK_DHE_KE) cli_dhpsk_pos = i; - if (data[i] == PSK_KE) + else if (data[i] == PSK_KE) cli_psk_pos = i; if (cli_psk_pos != MAX_POS && cli_dhpsk_pos != MAX_POS) |
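Review bot: the length check added as the first statement of the `for (i=0;i<ke_modes_len;i++)` loop in psk_ke_modes_recv_params, `DECR_LEN(len, 1);`, runs once per iteration, so a ke_modes_len larger than the remaining len is only caught after the preceding mode bytes have already been compared. Consider checking ke_modes_len against len once, before the loop, so a truncated extension is rejected up front and the loop body carries no length bookkeeping. The change from `if` to `else if` for the PSK_KE comparison looks fine. The commit message says only "corrected data access"; it would help to state that data[i] could be read past len, so the fix can be understood without opening the oss-fuzz issue.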