Assert that SSLfatal() only gets called once

We shouldn't call SSLfatal() multiple times for the same error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4778)
This commit is contained in:
Matt Caswell 2017-11-23 12:33:11 +00:00
parent 47e2ee0722
commit f9f674eb76
2 changed files with 6 additions and 1 deletions

View file

@ -11,6 +11,7 @@
#include <openssl/rand.h>
#include "../ssl_locl.h"
#include "statem_locl.h"
#include <assert.h>
/*
* This file implements the SSL/TLS/DTLS state machines.
@ -117,6 +118,8 @@ void ossl_statem_set_renegotiate(SSL *s)
void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
int line)
{
/* We shouldn't call SSLfatal() twice. Once is enough */
assert(s->statem.state != MSG_FLOW_ERROR);
s->statem.in_init = 1;
s->statem.state = MSG_FLOW_ERROR;
ERR_put_error(ERR_LIB_SSL, func, reason, file, line);

View file

@ -2938,10 +2938,12 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
return 1;
err:
EVP_PKEY_free(ckey);
#endif
return 0;
#else
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
ERR_R_INTERNAL_ERROR);
return 0;
#endif
}
static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt)