authorBenjamin Beurdouche <bbeurdouche@mozilla.com>2020-07-02 15:40:08 +0000
committerBenjamin Beurdouche <bbeurdouche@mozilla.com>2020-07-02 15:40:08 +0000
commit40ebd16d10b050a73ba7833425872aaaf4802217 (patch)
tree2f14d126076b8fd0e4bfa097d169cd5fbb5db96f
parentcccae6c55fae06569bada2dcbf7b5ff0d3adabb8 (diff)
downloadnss-hg-40ebd16d10b050a73ba7833425872aaaf4802217.tar.gz
Bug 1649316 - Prevent memcmp to be called with a zero length in ssl/ssl3con.c:6621 r=kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D81667
-rw-r--r--lib/ssl/ssl3con.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 930635850..b6218296d 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -6618,7 +6618,7 @@ ssl_CheckServerSessionIdCorrectness(sslSocket *ss, SECItem *sidBytes)
* fake. Check for the real value. */
if (sentRealSid) {
sidMatch = (sidBytes->len == sid->u.ssl3.sessionIDLength) &&
- PORT_Memcmp(sid->u.ssl3.sessionID, sidBytes->data, sidBytes->len) == 0;
+ (!sidBytes->len || PORT_Memcmp(sid->u.ssl3.sessionID, sidBytes->data, sidBytes->len) == 0);
} else {
/* Otherwise, the session ID was a fake if TLS 1.3 compat mode is
* enabled. If so, check for the fake value. */
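Review bot: The new `!sidBytes->len ||` guard on the PORT_Memcmp line has no comment explaining why it is needed, and because a zero-length memcmp already returns 0 it reads as redundant and could be dropped in a later cleanup. The match result for an empty session ID is unchanged (two zero lengths still give sidMatch true); what the guard presumably avoids is passing a NULL `sidBytes->data` to memcmp, which is undefined behaviour even when the length is 0. I would add above the assignment: `/* An empty sidBytes may have data == NULL; memcmp on NULL is undefined even for length 0. */`. The else branch that starts at the end of the hunk continues outside it, so whether its comparison needs the same guard cannot be judged from here.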