Bug 1618915 - Fix UBSAN issue in ssl_ParseSessionTicket r=jcj,bbeurdouche
authorKevin Jacobs <kjacobs@mozilla.com>
Tue, 10 Mar 2020 14:28:14 +0000
changeset 15532 710d10a72934b52713e44cba4a8aeb0668f2b9c0
parent 15531 12fc91fad84ad7f514d7abe64c15b375515a3710
child 15533 4c43bc0998f39884da48febd56aa7fff34bcabfd
push id3691
push userkjacobs@mozilla.com
push dateTue, 10 Mar 2020 17:03:57 +0000
reviewersjcj, bbeurdouche
bugs1618915
Bug 1618915 - Fix UBSAN issue in ssl_ParseSessionTicket r=jcj,bbeurdouche Differential Revision: https://phabricator.services.mozilla.com/D66130
lib/ssl/ssl3exthandle.c
--- a/lib/ssl/ssl3exthandle.c
+++ b/lib/ssl/ssl3exthandle.c
@@ -1029,17 +1029,19 @@ ssl_ParseSessionTicket(sslSocket *ss, co
 
     /* Read timestamp.  This is a 64-bit value and
      * ssl3_ExtConsumeHandshakeNumber only reads 32-bits at a time. */
     rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &len);
     if (rv != SECSuccess) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
-    parsedTicket->timestamp = (PRTime)temp << 32;
+
+    /* Cast to avoid undefined behavior if the top bit is set. */
+    parsedTicket->timestamp = (PRTime)((PRUint64)temp << 32);
     rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &len);
     if (rv != SECSuccess) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         return SECFailure;
     }
     parsedTicket->timestamp |= (PRTime)temp;
 
     /* Read server name */