
Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377 #9391

Merged
dgarske merged 3 commits into wolfSSL:master from holtrop:check-dup-extensions-fix
Nov 11, 2025

@holtrop holtrop commented Nov 5, 2025

Description

Check for duplicate extensions in client hello when HAVE_TLS_EXTENSIONS is not set - fix #9377

Testing

Ran reproduce steps from #9377 and verified the duplicate error is now found.
Ran unit tests for configuration ./configure --disable-sni --disable-ecc --disable-tls13 --disable-secure-renegotiation-info (prior to this fix the test_tls_ext_duplicate test was failing to correctly detect the duplicate extension for this configuration).

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@holtrop holtrop self-assigned this Nov 5, 2025
@holtrop holtrop marked this pull request as ready for review November 5, 2025 21:31
@holtrop holtrop assigned wolfSSL-Bot and unassigned holtrop Nov 5, 2025
@devin-ai-integration
Contributor

🛟 Devin Lifeguard found 1 likely issues in this PR

  • pointer-null-check snippet: Add a guard at the top of checkDupExt(), e.g. if (extBlock == NULL) return 0;, or otherwise ensure extBlock != NULL before the loop that dereferences extBlock[i].

@holtrop
please take a look at the above issues which Devin flagged. Devin will not fix these issues automatically.
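
An added example, not wolfSSL's code and not part of this PR: a stand-alone C function showing the kind of check discussed above, rejecting a ClientHello extension list that repeats an extension type (RFC 5246 allows at most one extension of each type) and guarding the NULL and truncated cases before any dereference. The names `check_dup_ext`, `EXT_*` and the sample blocks are hypothetical, and the input is assumed to be the extension list body after its 2-byte total-length field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { EXT_OK = 0, EXT_DUPLICATE = 1, EXT_MALFORMED = -1 };

/* Read a big-endian 16-bit value. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Scan an extension list body (assumed here: the bytes after the 2-byte
 * total-length field) and report whether any extension type repeats. */
int check_dup_ext(const uint8_t *ext, size_t len)
{
    size_t i = 0, j;

    if (ext == NULL)                      /* guard before any dereference */
        return len == 0 ? EXT_OK : EXT_MALFORMED;
    while (i < len) {
        uint16_t type, size;
        if (len - i < 4)
            return EXT_MALFORMED;         /* truncated type/length header */
        type = rd16(ext + i);
        size = rd16(ext + i + 2);
        if (size > len - i - 4)
            return EXT_MALFORMED;         /* body runs past the block */
        /* Earlier entries are already bounds-checked, so re-walking is safe. */
        for (j = 0; j < i; j += 4 + (size_t)rd16(ext + j + 2))
            if (rd16(ext + j) == type)
                return EXT_DUPLICATE;
        i += 4 + (size_t)size;
    }
    return EXT_OK;
}

/* Constructed sample blocks: types 13 and 23, then 23 repeated, then a cut-off body. */
static const uint8_t ok_block[]  = { 0x00,0x0d,0x00,0x02,0x04,0x01, 0x00,0x17,0x00,0x00 };
static const uint8_t dup_block[] = { 0x00,0x17,0x00,0x00, 0x00,0x0d,0x00,0x02,0x04,0x01,
                                     0x00,0x17,0x00,0x00 };
static const uint8_t cut_block[] = { 0x00,0x17,0x00,0x05,0x01 };

int main(void)
{
    printf("ok=%d dup=%d cut=%d\n",
           check_dup_ext(ok_block, sizeof ok_block),
           check_dup_ext(dup_block, sizeof dup_block),
           check_dup_ext(cut_block, sizeof cut_block));
    return 0;
}
```

The scan compares each extension against the ones before it instead of using a bitmask, so it needs no table of known extension types and no allocation.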

Comment thread tests/api.c
Comment thread src/internal.c Outdated
@holtrop holtrop force-pushed the check-dup-extensions-fix branch from e7b4fcf to 3af60ff Compare November 10, 2025 15:08
@holtrop holtrop removed their assignment Nov 10, 2025
@dgarske dgarske added the For This Release Release version 5.9.1 label Nov 10, 2025
SparkiDev previously approved these changes Nov 11, 2025
@holtrop holtrop requested a review from dgarske November 11, 2025 19:15
@dgarske
Member

dgarske commented Nov 11, 2025

Jenkins retest this please

@holtrop holtrop requested a review from dgarske November 11, 2025 20:36
@dgarske dgarske merged commit 6914f08 into wolfSSL:master Nov 11, 2025
275 of 276 checks passed

Development

Successfully merging this pull request may close these issues.

[Bug]: RFC 5246 violation in DoClientHello when HAVE_TLS_EXTENSION is undefined