diff options
author | Kevin Jacobs <kjacobs@mozilla.com> | 2020-06-09 04:21:08 +0000 |
---|---|---|
committer | Kevin Jacobs <kjacobs@mozilla.com> | 2020-06-09 04:21:08 +0000 |
commit | 486400ca1c16833569ae2aa7f41d03b5471c947d (patch) | |
tree | 374b15a4fa75b38f029815ec16fbb75370362ed4 | |
parent | f868a4178608c270b472fecfe60ac954318f4059 (diff) | |
download | nss-hg-486400ca1c16833569ae2aa7f41d03b5471c947d.tar.gz |
Bug 1642638 - Don't assert sid ciphersuite to be defined in fuzzer mode. r=mt
Differential Revision: https://phabricator.services.mozilla.com/D78395
-rw-r--r-- | lib/ssl/tls13con.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c index b79045bb4..080599efb 100644 --- a/lib/ssl/tls13con.c +++ b/lib/ssl/tls13con.c @@ -1384,7 +1384,14 @@ tls13_CanResume(sslSocket *ss, const sslSessionID *sid) return PR_FALSE; } +#ifdef UNSAFE_FUZZER_MODE + /* When fuzzing, sid could contain garbage that will crash tls13_GetHashForCipherSuite. + * Do a direct comparison of cipher suites. This makes us refuse to resume when the + * protocol allows it, but resumption is discretionary anyway. */ + if (sid->u.ssl3.cipherSuite != ss->ssl3.hs.cipher_suite) { +#else if (tls13_GetHashForCipherSuite(sid->u.ssl3.cipherSuite) != tls13_GetHashForCipherSuite(ss->ssl3.hs.cipher_suite)) { +#endif return PR_FALSE; } |