SSL_apply_handback: check session is where it's expected to be.

Found by fuzzing.

Change-Id: I831f7869b16486eef7ac887ee199450e38461086
Reviewed-on: https://boringssl-review.googlesource.com/28044
Commit-Queue: Matt Braithwaite <mab@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/handoff.cc b/ssl/handoff.cc
index 5ba1d11..bacb6fd 100644
--- a/ssl/handoff.cc
+++ b/ssl/handoff.cc
@@ -265,6 +265,9 @@
   s3->hs->state = CBS_len(&transcript) == 0 ? state12_finish_server_handshake
                                             : state12_read_client_certificate;
   s3->session_reused = session_reused;
+  if (s3->hs->state == state12_read_client_certificate && session_reused) {
+    return false;
+  }
   s3->tlsext_channel_id_valid = channel_id_valid;
   s3->next_proto_negotiated.CopyFrom(next_proto);
   s3->alpn_selected.CopyFrom(alpn);
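Review bot: The new consistency check runs only after `s3->hs->state` and `s3->session_reused` have been overwritten with values taken from the handback, so a rejected handback returns false with the connection already partly modified. Both inputs are available before those writes, so the test could sit above the `s3->hs->state` assignment as `if (CBS_len(&transcript) != 0 && session_reused) { return false; }`, which keeps validation ahead of mutation. Earlier parts of the function lie outside this hunk and may already have touched `ssl`, so whether failure is otherwise side-effect free, or callers always discard the SSL on a false return, cannot be confirmed from here. A one-line comment would also help, since the reason is not obvious from the condition alone, for example `// A resumed session should not be waiting for a client certificate; reject an inconsistent handback.` (presumably the intent behind "session is where it's expected to be").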