commit fbea9de16398321ed245e3271f4ed0a8149a5e6a
author Adam Langley <agl@google.com> Thu Feb 06 10:05:55 2020 -0800
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Feb 06 18:24:43 2020 +0000
tree f72d2d46d4b782f01321a13e08938e167a5ffc58
parent 921bb9e224a9c5b082c0d42cd6c76cb2f9759ee6

Check enum values in handoff.

Casting an out-of-range value to an enum is undefined behaviour in C.

Bug: oss-fuzz:20546
Change-Id: I11c6bc533b898430bd791e3cdcb271943b95c101
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/39904
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

ssl/handoff.cc

diff --git a/ssl/handoff.cc b/ssl/handoff.cc
index e011f94..abe996b 100644
--- a/ssl/handoff.cc
+++ b/ssl/handoff.cc
@@ -27,10 +27,12 @@
 // early_data_t represents the state of early data in a more compact way than
 // the 3 bits used by the implementation.
 enum early_data_t {
-  early_data_not_offered,
-  early_data_accepted,
-  early_data_rejected_hrr,
-  early_data_skipped,
+  early_data_not_offered = 0,
+  early_data_accepted = 1,
+  early_data_rejected_hrr = 2,
+  early_data_skipped = 3,
+
+  early_data_max_value = early_data_skipped,
 };
 
 // serialize_features adds a description of features supported by this binary to
@@ -499,7 +501,9 @@
         !CBS_get_asn1_bool(&seq, &accept_psk_mode) ||
         !CBS_get_asn1_int64(&seq, &ticket_age_skew) ||
         !CBS_get_asn1_uint64(&seq, &early_data_reason) ||
-        !CBS_get_asn1_uint64(&seq, &early_data)) {
+        early_data_reason > ssl_early_data_reason_max_value ||
+        !CBS_get_asn1_uint64(&seq, &early_data) ||
+        early_data > early_data_max_value) {
       return false;
     }
     if (type == handback_tls13_early_data &&