Commit c7558d5b authored by Paul Yang's avatar Paul Yang Committed by Matt Caswell
Browse files

Fix reading heap overflow in a test case 



Caught by AddressSanitizer

Reviewed-by: default avatarBen Kaduk <kaduk@mit.edu>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4497)
parent 21c21542

test/sslapitest.c

+7 −6
Original line number Diff line number Diff line
@@ -1974,15 +1974,16 @@ static int hostname_cb(SSL *s, int *al, void *arg) 


static const char *servalpn;



static int alpn_select_cb (SSL *ssl, const unsigned char **out, unsigned char *outlen,

                    const unsigned char *in, unsigned int inlen, void *arg)

static int alpn_select_cb(SSL *ssl, const unsigned char **out,

                          unsigned char *outlen, const unsigned char *in,

                          unsigned int inlen, void *arg)

{

    unsigned int i, protlen = 0;

    unsigned int protlen = 0;

    const unsigned char *prot;



    for (i = 0, prot = in; i < inlen; i += protlen, prot += protlen) {

        protlen = *(prot++);

        if (inlen - i < protlen)

    for (prot = in; prot < in + inlen; prot += protlen) {

        protlen = *prot++;

        if (in + inlen - prot < protlen)

            return SSL_TLSEXT_ERR_NOACK;



        if (protlen == strlen(servalpn)