8bdb45e21d
The first patch caused a QUIC test to fail, so backport the entire
series, which looks reasonable and adds good additional safeguards and
checks.
(cherry picked from commit f3cb03b52a)
Resolves: RHEL-45657
Signed-off-by: Clemens Lang <cllang@redhat.com>
35 lines
1.1 KiB
Diff
From 6cc511826f09e513b4ec066d9b95acaf4f86d991 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 31 May 2024 11:22:13 +0100
Subject: [PATCH 03/10] Use correctly formatted ALPN data in tserver

The QUIC test server was using incorrectly formatted ALPN data. With the
previous implementation of SSL_select_next_proto this went unnoticed. With
the new stricter implementation it was failing.

Follow on from CVE-2024-5535

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24717)
---
ssl/quic/quic_tserver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/quic/quic_tserver.c b/ssl/quic/quic_tserver.c
index 86187d06ff..15694e723f 100644
--- a/ssl/quic/quic_tserver.c
+++ b/ssl/quic/quic_tserver.c
@@ -58,7 +58,7 @@ static int alpn_select_cb(SSL *ssl, const unsigned char **out,
if (srv->args.alpn == NULL) {
alpn = alpndeflt;
- alpnlen = sizeof(alpn);
+ alpnlen = sizeof(alpndeflt);
} else {
alpn = srv->args.alpn;
alpnlen = srv->args.alpnlen;
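Review bot: the new `alpnlen = sizeof(alpndeflt);` in the `srv->args.alpn == NULL` branch is only correct while `alpndeflt` is declared as an array visible in this scope, and that declaration is outside the hunk. The removed `sizeof(alpn)` took the size of the variable that the `else` branch treats as a pointer with a separate length, so the same mistake comes back silently if `alpndeflt` is ever turned into a pointer or moved. Please add a short comment at the declaration stating that it must remain an array holding length-prefixed ALPN entries, or define the default length next to it as a named constant and use that here. The commit message would also be easier to audit if it said that the defect was the length passed for the default ALPN data, since the hunk does not touch the data bytes themselves.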
--
2.46.0