Correct return values for tls_construct_stoc_next_proto_neg

Return EXT_RETURN_NOT_SENT in the event that we don't send the extension, rather than EXT_RETURN_SENT. This actually makes no difference at all to the current control flow since this return value is ignored in this case anyway. But lets make it correct anyway. Follow on from CVE-2024-5535 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24716)
2024-06-21 10:41:55 +01:00 · 2024-06-21 10:41:55 +01:00 · e10a3a84bf
commit e10a3a84bf
parent 9925c97a8e
1 changed files with 2 additions and 1 deletions
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@ -1519,9 +1519,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt,
            return EXT_RETURN_FAIL;
        }
        s->s3.npn_seen = 1;
+        return EXT_RETURN_SENT;
    }

-    return EXT_RETURN_SENT;
+    return EXT_RETURN_NOT_SENT;
 }
 #endif