diff options
| author | doug <> | 2015-02-09 07:17:55 +0000 |
|---|---|---|
| committer | doug <> | 2015-02-09 07:17:55 +0000 |
| commit | 24c49038fed6f28632c37bd797ee22d51c2f529f (patch) | |
| tree | 1ce81442299adac00144d8dfeee772e1d60ceae3 | |
| parent | 0806c8a26b4fd6c93113e242d4826f354fc60ee6 (diff) | |
| download | openbsd-24c49038fed6f28632c37bd797ee22d51c2f529f.tar.gz openbsd-24c49038fed6f28632c37bd797ee22d51c2f529f.tar.bz2 openbsd-24c49038fed6f28632c37bd797ee22d51c2f529f.zip | |
Return NULL when there are no shared ciphers.
OpenSSL added this change to avoid an out-of-bounds write since
they're accessing p[-1]. We initialize buf and use strrchr() so we
aren't subject to the same OOB write.
However, we should return NULL rather than an empty string when there
are no shared ciphers.
Also, KNF a particularly bad section above here that miod noticed.
Based on OpenSSL commits:
4ee356686f72ff849f6f3d58562224ace732b1a6
308505b838e4e3ce8485bb30f5b26e2766dc7f8b
ok miod@
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 10 |
2 files changed, 12 insertions, 8 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index 8ecb37d1be..8ebcb74ab9 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.96 2015/02/07 05:46:01 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.97 2015/02/09 07:17:55 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1355,11 +1355,13 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len) | |||
| 1355 | size_t curlen = 0; | 1355 | size_t curlen = 0; |
| 1356 | int i; | 1356 | int i; |
| 1357 | 1357 | ||
| 1358 | if ((s->session == NULL) || (s->session->ciphers == NULL) || | 1358 | if (s->session == NULL || s->session->ciphers == NULL || len < 2) |
| 1359 | (len < 2)) | 1359 | return (NULL); |
| 1360 | return (NULL); | ||
| 1361 | 1360 | ||
| 1362 | sk = s->session->ciphers; | 1361 | sk = s->session->ciphers; |
| 1362 | if (sk_SSL_CIPHER_num(sk) == 0) | ||
| 1363 | return (NULL); | ||
| 1364 | |||
| 1363 | buf[0] = '\0'; | 1365 | buf[0] = '\0'; |
| 1364 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | 1366 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
| 1365 | c = sk_SSL_CIPHER_value(sk, i); | 1367 | c = sk_SSL_CIPHER_value(sk, i); |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 8ecb37d1be..8ebcb74ab9 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.96 2015/02/07 05:46:01 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_lib.c,v 1.97 2015/02/09 07:17:55 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1355,11 +1355,13 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len) | |||
| 1355 | size_t curlen = 0; | 1355 | size_t curlen = 0; |
| 1356 | int i; | 1356 | int i; |
| 1357 | 1357 | ||
| 1358 | if ((s->session == NULL) || (s->session->ciphers == NULL) || | 1358 | if (s->session == NULL || s->session->ciphers == NULL || len < 2) |
| 1359 | (len < 2)) | 1359 | return (NULL); |
| 1360 | return (NULL); | ||
| 1361 | 1360 | ||
| 1362 | sk = s->session->ciphers; | 1361 | sk = s->session->ciphers; |
| 1362 | if (sk_SSL_CIPHER_num(sk) == 0) | ||
| 1363 | return (NULL); | ||
| 1364 | |||
| 1363 | buf[0] = '\0'; | 1365 | buf[0] = '\0'; |
| 1364 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | 1366 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
| 1365 | c = sk_SSL_CIPHER_value(sk, i); | 1367 | c = sk_SSL_CIPHER_value(sk, i); |