Parcourir la source

Fix oss_fuzz bug 3604

Only allow to renew a secure channel if it was already opened

See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3604
Credit to oss-fuzz
Stefan Profanter il y a 7 ans
Parent
commit
327cbf9423
1 fichiers modifiés avec 5 ajouts et 0 suppressions
  1. 5 0
      src/server/ua_securechannel_manager.c

+ 5 - 0
src/server/ua_securechannel_manager.c

@@ -180,6 +180,11 @@ UA_StatusCode
 UA_SecureChannelManager_renew(UA_SecureChannelManager* cm, UA_SecureChannel *channel,
                               const UA_OpenSecureChannelRequest* request,
                               UA_OpenSecureChannelResponse* response) {
+    if(channel->state != UA_SECURECHANNELSTATE_OPEN) {
+        UA_LOG_ERROR_CHANNEL(cm->server->config.logger, channel,
+                             "Called renew on channel which is not open");
+        return UA_STATUSCODE_BADINTERNALERROR;
+    }
     /* If no security token is already issued */
     if(channel->nextSecurityToken.tokenId == 0) {
         channel->nextSecurityToken.channelId = channel->securityToken.channelId;