Bug 1642638 - Don't assert sid ciphersuite to be defined in fuzzer mode. r=mt

Differential Revision: https://phabricator.services.mozilla.com/D78395
author: Kevin Jacobs <kjacobs@mozilla.com> 2020-06-09 04:21:08 +0000
committer: Kevin Jacobs <kjacobs@mozilla.com> 2020-06-09 04:21:08 +0000
commit: 486400ca1c16833569ae2aa7f41d03b5471c947d (patch)
tree: 374b15a4fa75b38f029815ec16fbb75370362ed4
parent: f868a4178608c270b472fecfe60ac954318f4059 (diff)
download: nss-hg-486400ca1c16833569ae2aa7f41d03b5471c947d.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
index b79045bb4..080599efb 100644
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -1384,7 +1384,14 @@ tls13_CanResume(sslSocket *ss, const sslSessionID *sid)
         return PR_FALSE;
     }
 
+#ifdef UNSAFE_FUZZER_MODE
+    /* When fuzzing, sid could contain garbage that will crash tls13_GetHashForCipherSuite.
+     * Do a direct comparison of cipher suites.  This makes us refuse to resume when the
+     * protocol allows it, but resumption is discretionary anyway. */
+    if (sid->u.ssl3.cipherSuite != ss->ssl3.hs.cipher_suite) {
+#else
     if (tls13_GetHashForCipherSuite(sid->u.ssl3.cipherSuite) != tls13_GetHashForCipherSuite(ss->ssl3.hs.cipher_suite)) {
+#endif
         return PR_FALSE;
     }
author	Kevin Jacobs <kjacobs@mozilla.com>	2020-06-09 04:21:08 +0000
committer	Kevin Jacobs <kjacobs@mozilla.com>	2020-06-09 04:21:08 +0000
commit	486400ca1c16833569ae2aa7f41d03b5471c947d (patch)
tree	374b15a4fa75b38f029815ec16fbb75370362ed4
parent	f868a4178608c270b472fecfe60ac954318f4059 (diff)
download	nss-hg-486400ca1c16833569ae2aa7f41d03b5471c947d.tar.gz