Fix memory leak when decoding corrupt tickets.
This is CVE-2014-3567 from upstream. See
https://www.openssl.org/news/secadv_20141015.txt
Change-Id: I9aad422bf1b8055cb251c7ff9346cf47a448a815
Reviewed-on: https://boringssl-review.googlesource.com/1970
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 323f43f..b4c2e61 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -649,6 +649,10 @@
}
func runTest(test *testCase, buildDir string) error {
+ if !test.shouldFail && (len(test.expectedError) > 0 || len(test.expectedLocalError) > 0) {
+ panic("Error expected without shouldFail in " + test.name)
+ }
+
shimEnd, conn := openSocketPair()
shimEndResume, connResume := openSocketPair()
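Review bot: The new consistency check at the top of runTest calls panic although the function already returns an error, so a single mis-declared test case stops the whole runner instead of being reported against that case. Returning the condition keeps the check without aborting, for example `return fmt.Errorf("%s: expectedError set without shouldFail", test.name)` (assuming fmt is imported in this file, which the hunk does not show). The check also covers only one direction: a case with shouldFail set and no expectedError is still accepted, and whether such a case then passes on any failure reason is not visible here. runTest's body continues outside the hunk.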
@@ -1542,6 +1546,31 @@
expectedNextProtoType: alpn,
resumeSession: true,
})
+ // Resume with a corrupt ticket.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "CorruptTicket",
+ config: Config{
+ Bugs: ProtocolBugs{
+ CorruptTicket: true,
+ },
+ },
+ resumeSession: true,
+ flags: []string{"-expect-session-miss"},
+ })
+ // Resume with an oversized session id.
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "OversizedSessionId",
+ config: Config{
+ Bugs: ProtocolBugs{
+ OversizedSessionId: true,
+ },
+ },
+ resumeSession: true,
+ shouldFail: true,
+ expectedError: ":DECODE_ERROR:",
+ })
}
func addResumptionVersionTests() {
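Review bot: The CorruptTicket case asserts only `-expect-session-miss`, which a server that leaks memory while rejecting the ticket would also satisfy, so on its own the case does not pin the CVE-2014-3567 fix named in the commit message. The leak is presumably observable only when the shim runs under a leak detector, and the comment should say so, e.g. `// Regression test for CVE-2014-3567: a corrupt ticket must be a session miss; the leak itself only shows up under a leak checker.` The OversizedSessionId case is not mentioned in the commit message, and its comment could state why `:DECODE_ERROR:` is the required outcome. The enclosing function starts outside the hunk.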