From a8c0ee154d212284f82680275de63642d914365e Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 21 Jun 2024 10:41:55 +0100 Subject: [PATCH 6/9] Correct return values for tls_construct_stoc_next_proto_neg Return EXT_RETURN_NOT_SENT in the event that we don't send the extension, rather than EXT_RETURN_SENT. This actually makes no difference at all to the current control flow since this return value is ignored in this case anyway. But lets make it correct anyway. Follow on from CVE-2024-5535 Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/24718) (cherry picked from commit 087501b4f572825e27ca8cc2c5874fcf6fd47cf7) Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/189a7ed3e380e34ea38fe4190a7c9396bace0fb7] CVE: CVE-2024-5535 Signed-off-by: Siddharth Doshi --- ssl/statem/extensions_srvr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 1fab5a3..51ea74b 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1471,9 +1471,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } s->s3.npn_seen = 1; + return EXT_RETURN_SENT; } - return EXT_RETURN_SENT; + return EXT_RETURN_NOT_SENT; } #endif -- 2.25.1
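Review bot: the added `return EXT_RETURN_SENT;` directly after `s->s3.npn_seen = 1;` and the changed fall-through `return EXT_RETURN_NOT_SENT;` are consistent with each other, but the hunk context does not show the condition that guards the block or what else happens in it before `npn_seen` is set; please confirm that the `return EXT_RETURN_FAIL;` visible at the top of the hunk is the only other exit, so that a caller which does check this return value (unlike the ignored case the commit message describes) cannot see NOT_SENT after extension bytes have already been written into `pkt`. Given that the commit message states the return value is currently ignored on this path, it would also help to name that caller in the message, so a future reader knows why no behavioural test accompanies the fix.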