commit 7e1f984a7c4eede37d6297cba141aef7de4509b0
author David Benjamin <davidben@google.com> Tue Sep 20 19:24:40 2016 -0400
committer David Benjamin <davidben@google.com> Wed Sep 21 20:40:10 2016 +0000
tree 0b699b02867fa1a341b9c8e0e89618f8034c8c13
parent e4706906336f8724a25b68f82967dcf82d2fb45e

Fix some bugs in TLS 1.3 server key_share code.

Found by libFuzzer and then one more mistake caught by valgrind. Add a
test for this case.

Change-Id: I92773bc1231bafe5fc069e8568d93ac0df4c8acb
Reviewed-on: https://boringssl-review.googlesource.com/11129
Reviewed-by: David Benjamin <davidben@google.com>

ssl/test/runner/runner.go

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 99d7fac..c350ac5 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -7978,6 +7978,8 @@
 				DuplicateKeyShares: true,
 			},
 		},
+		shouldFail:    true,
+		expectedError: ":DUPLICATE_KEY_SHARE:",
 	})
 
 	testCases = append(testCases, testCase{
@@ -8175,6 +8177,19 @@
 		shouldFail:    true,
 		expectedError: ":DECODE_ERROR:",
 	})
+
+	testCases = append(testCases, testCase{
+		testType: serverTest,
+		name:     "TLS13-TrailingKeyShareData",
+		config: Config{
+			MaxVersion: VersionTLS13,
+			Bugs: ProtocolBugs{
+				TrailingKeyShareData: true,
+			},
+		},
+		shouldFail:    true,
+		expectedError: ":DECODE_ERROR:",
+	})
 }
 
 func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {