diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2020-05-04 14:20:37 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-05-04 14:20:37 +0000 |
| commit | fc8651bf20510be96c6c7a16014c35f5a576562a (patch) | |
| tree | 4a9b0d372c24591bda9fffb06a487ffbdd6d4a05 /regress | |
| parent | 14ec1b444dbd75ae5d9e5495bf1a4f45c8df8b74 (diff) | |
Fix out-of-bounds access in tables[][] that was exposed in bluhm's
regress on i386 after inoguchi moved some symbols to const.
ok inoguchi jsing deraadt
Diffstat (limited to 'regress')
| -rw-r--r-- | regress/lib/libssl/handshake/handshake_table.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/regress/lib/libssl/handshake/handshake_table.c b/regress/lib/libssl/handshake/handshake_table.c index a8c68970db9..2728dd84a16 100644 --- a/regress/lib/libssl/handshake/handshake_table.c +++ b/regress/lib/libssl/handshake/handshake_table.c @@ -1,4 +1,4 @@ -/* $OpenBSD: handshake_table.c,v 1.13 2020/04/22 17:05:53 jsing Exp $ */ +/* $OpenBSD: handshake_table.c,v 1.14 2020/05/04 14:20:36 tb Exp $ */ /* * Copyright (c) 2019 Theo Buehler <tb@openbsd.org> * @@ -21,6 +21,8 @@ #include <stdlib.h> #include <unistd.h> +#define MAX_FLAGS (UINT8_MAX + 1) + #include "tls13_handshake.h" /* @@ -134,7 +136,7 @@ static struct child stateinfo[][TLS13_NUM_MESSAGE_TYPES] = { const size_t stateinfo_count = sizeof(stateinfo) / sizeof(stateinfo[0]); void build_table(enum tls13_message_type - table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES], + table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], struct child current, struct child end, struct child path[], uint8_t flags, unsigned int depth); size_t count_handshakes(void); @@ -152,7 +154,7 @@ void fprint_flags(FILE *stream, uint8_t flags); const char *mt2str(enum tls13_message_type mt); __dead void usage(void); int verify_table(enum tls13_message_type - table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES], int print); + table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print); const char * flag2str(uint8_t flag) @@ -370,7 +372,7 @@ count_handshakes(void) } void -build_table(enum tls13_message_type table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES], +build_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], struct child current, struct child end, struct child path[], uint8_t flags, unsigned int depth) { @@ -409,7 +411,7 @@ build_table(enum tls13_message_type table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES], } int -verify_table(enum tls13_message_type table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES], +verify_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print) { int success = 1, i; @@ -458,7 +460,7 @@ int main(int argc, char *argv[]) { static enum tls13_message_type - hs_table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES] = { + hs_table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES] = { [INITIAL] = { CLIENT_HELLO, SERVER_HELLO_RETRY_REQUEST, |