ext/psk_ke_modes: corrected data access

That also improves the if-checks. Issue and reproducer discovered via oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7470 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-04-07 21:27:27 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-04-07 21:29:11 +0200
commit: 2242f125aa6f31de93fdd0342acf35f75ea89241 (patch)
tree: ddfd237a319e7895d9e9c7c9d45744e1aa1187b8
parent: edef58b8dd4a7ad30c10ec550a943deff65cacc2 (diff)
download: gnutls-2242f125aa6f31de93fdd0342acf35f75ea89241.tar.gz
2 files changed, 2 insertions, 1 deletions
diff --git a/fuzz/gnutls_psk_server_fuzzer.repro/d757b818210bcaec5e297cdb5e30cee9059f9bc3 b/fuzz/gnutls_psk_server_fuzzer.repro/d757b818210bcaec5e297cdb5e30cee9059f9bc3
new file mode 100644
index 0000000000..8cc62c101e
--- /dev/null
+++ b/fuzz/gnutls_psk_server_fuzzer.repro/d757b818210bcaec5e297cdb5e30cee9059f9bc3
diff --git a/lib/ext/psk_ke_modes.c b/lib/ext/psk_ke_modes.c
index c6aef3bda8..afcbcb8ce1 100644
--- a/lib/ext/psk_ke_modes.c
+++ b/lib/ext/psk_ke_modes.c
@@ -139,9 +139,10 @@ psk_ke_modes_recv_params(gnutls_session_t session,
 		return gnutls_assert_val(0);
 
 	for (i=0;i<ke_modes_len;i++) {
+		DECR_LEN(len, 1);
 		if (data[i] == PSK_DHE_KE)
 			cli_dhpsk_pos = i;
-		if (data[i] == PSK_KE)
+		else if (data[i] == PSK_KE)
 			cli_psk_pos = i;
 
 		if (cli_psk_pos != MAX_POS && cli_dhpsk_pos != MAX_POS)
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-07 21:27:27 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-04-07 21:29:11 +0200
commit	2242f125aa6f31de93fdd0342acf35f75ea89241 (patch)
tree	ddfd237a319e7895d9e9c7c9d45744e1aa1187b8
parent	edef58b8dd4a7ad30c10ec550a943deff65cacc2 (diff)
download	gnutls-2242f125aa6f31de93fdd0342acf35f75ea89241.tar.gz