Fix potential crash in tls_construct_finished.

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3667)
2025-04-06 20:20:50 +08:00 · 2017-06-14 20:25:52 +02:00 · 2017-06-14 20:25:52 +02:00 · b43c376586
commit b43c376586
parent c31ad0bbf8
1 changed files with 6 additions and 1 deletions
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@ -501,7 +501,12 @@ int tls_construct_finished(SSL *s, WPACKET *pkt)
            && (!s->method->ssl3_enc->change_cipher_state(s,
                    SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {
        SSLerr(SSL_F_TLS_CONSTRUCT_FINISHED, SSL_R_CANNOT_CHANGE_CIPHER);
-        goto err;
+        /*
+         * This is a fatal error, which leaves
+         * enc_write_ctx in an inconsistent state
+         * and thus ssl3_send_alert may crash.
+         */
+        return 0;
    }

    if (s->server) {