Commit ba6cbe1d authored by Kevin Jacobs's avatar Kevin Jacobs

Bug 1674819 - Fix undefined shift when fuzzing r=bbeurdouche

In fuzzer mode, session tickets are serialized without any encryption or integrity protection. This leads to a post-deserialize UBSAN error when shifting by a fuzzed (large) authType value. A real NSS server will not produce these values.

Differential Revision:

extra : moz-landing-system : lando
parent bd788dd7
......@@ -917,6 +917,13 @@ ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket,
return SECFailure;
PORT_Assert(temp < ssl_auth_size);
temp %= (8 * sizeof(SSLAuthType));
parsedTicket->authType = (SSLAuthType)temp;
rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &len);
if (rv != SECSuccess) {
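Review bot: `temp %= (8 * sizeof(SSLAuthType));` keeps the later shift amount below the bit width of SSLAuthType, but it does not bound `temp` to `ssl_auth_size`, so the `PORT_Assert(temp < ssl_auth_size);` immediately above this line can still trip on fuzzed input in debug builds while release builds go on to store an out-of-range `authType`. If the only goal is to avoid the undefined shift, add a one-line comment saying so next to the modulus; and since the rendered hunk does not show the fuzzer-only build guard the commit message describes, confirm the reduction is inside that guard so a production server never silently accepts an authType that is not a real `SSLAuthType` value.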