From eef69d9a75c1c83db480b78fd65f7e736f14c374 Mon Sep 17 00:00:00 2001
From: K1
Date: Fri, 12 Jul 2024 15:18:06 +0800
Subject: [PATCH] Correct return values for tls_construct_stoc_next_proto_neg
Return EXT_RETURN_NOT_SENT in the event that we don't send the extension, rather than EXT_RETURN_SENT. This actually makes no difference at all to the current control flow since this return value is ignored in this case anyway. But lets make it correct anyway.
Follow on from CVE-2024-5535
(cherry picked from commit 189a7ed3e380e34ea38fe4190a7c9396bace0fb7)
---
 ssl/statem/extensions_srvr.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 5b1b0cc7f..8977801ca 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1652,9 +1652,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
 return EXT_RETURN_FAIL;
 }
 s->s3->npn_seen = 1;
+ return EXT_RETURN_SENT;
 }
- return EXT_RETURN_SENT;
+ return EXT_RETURN_NOT_SENT;
 }
 #endif
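Review bot: Neither the new `return EXT_RETURN_SENT;` inside the block nor the final `return EXT_RETURN_NOT_SENT;` has a comment saying which path actually wrote the extension to `pkt`, so the reason for the distinction lives only in the commit message. I would put `/* Extension was not added to pkt on this path */` above the final return, assuming nothing earlier in the function writes to `pkt`; the function body and the enclosing `if` start above the hunk, so that needs confirming. The diffstat lists only `ssl/statem/extensions_srvr.c`, so no test pins the NOT_SENT result. The message says the caller currently ignores the value in this case, so a test on the skipped-extension path would be what catches the two returns drifting apart if that ever changes.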