Fix memory leak when decoding corrupt tickets. This is CVE-2014-3567 from upstream. See https://www.openssl.org/news/secadv_20141015.txt Change-Id: I9aad422bf1b8055cb251c7ff9346cf47a448a815 Reviewed-on: https://boringssl-review.googlesource.com/1970 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>

commit: 3831173740ebdb35bc9371a3886dcaa1ce0b9227 [log] [tgz]
author: Adam Langley <agl@google.com> Thu Oct 16 19:04:35 2014 -0700
committer: Adam Langley <agl@google.com> Mon Oct 20 19:05:48 2014 +0000
tree: 79b14df830570ff4a796006081ebfbe90006c938
parent: 88333ef7d7d47221ede66a2a31626fc426466297 [diff] [blame]
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index cf244bc..8b2c750 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -464,6 +464,14 @@
 	// AllowSessionVersionMismatch causes the server to resume sessions
 	// regardless of the version associated with the session.
 	AllowSessionVersionMismatch bool
+
+	// CorruptTicket causes a client to corrupt a session ticket before
+	// sending it in a resume handshake.
+	CorruptTicket bool
+
+	// OversizedSessionId causes the session id that is sent with a ticket
+	// resumption attempt to be too large (33 bytes).
+	OversizedSessionId bool
 }
 
 func (c *Config) serverInit() {
commit	3831173740ebdb35bc9371a3886dcaa1ce0b9227	[log] [tgz]
author	Adam Langley <agl@google.com>	Thu Oct 16 19:04:35 2014 -0700
committer	Adam Langley <agl@google.com>	Mon Oct 20 19:05:48 2014 +0000
tree	79b14df830570ff4a796006081ebfbe90006c938
parent	88333ef7d7d47221ede66a2a31626fc426466297 [diff] [blame]