diff options
| author | doug <> | 2015-01-03 18:07:29 +0000 |
|---|---|---|
| committer | doug <> | 2015-01-03 18:07:29 +0000 |
| commit | 919ac61b86380814cf1aa68d10ccb1b5bed747af (patch) | |
| tree | 1a682c1fdd2a7e05c5dde4ef08c70ba98577cbdd | |
| parent | 3a71bbcdc4f61edf763302e9f0114aa00ce81b97 (diff) | |
| download | openbsd-919ac61b86380814cf1aa68d10ccb1b5bed747af.tar.gz openbsd-919ac61b86380814cf1aa68d10ccb1b5bed747af.tar.bz2 openbsd-919ac61b86380814cf1aa68d10ccb1b5bed747af.zip | |
Fix incorrect OPENSSL_assert() usage.
Instead of asserting, return an error code for I/O errors. This is based
on OpenSSL commit 2521fcd8527008ceb3e4748f95b0ed4e2d70cfef. Added checks
for two calloc()s while I'm here.
ok miod@
| -rw-r--r-- | src/lib/libcrypto/bio/bss_dgram.c | 77 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/bio/bss_dgram.c | 77 |
2 files changed, 106 insertions, 48 deletions
diff --git a/src/lib/libcrypto/bio/bss_dgram.c b/src/lib/libcrypto/bio/bss_dgram.c index 2e17dc9e21..c6b552eb32 100644 --- a/src/lib/libcrypto/bio/bss_dgram.c +++ b/src/lib/libcrypto/bio/bss_dgram.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bss_dgram.c,v 1.37 2014/11/26 05:41:44 bcook Exp $ */ | 1 | /* $OpenBSD: bss_dgram.c,v 1.38 2015/01/03 18:07:29 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -719,18 +719,25 @@ BIO_new_dgram_sctp(int fd, int close_flag) | |||
| 719 | /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ | 719 | /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ |
| 720 | auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; | 720 | auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; |
| 721 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk)); | 721 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk)); |
| 722 | OPENSSL_assert(ret >= 0); | 722 | if (ret < 0) |
| 723 | goto err; | ||
| 723 | auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; | 724 | auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; |
| 724 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk)); | 725 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk)); |
| 725 | OPENSSL_assert(ret >= 0); | 726 | if (ret < 0) |
| 727 | goto err; | ||
| 726 | 728 | ||
| 727 | /* Test if activation was successful. When using accept(), | 729 | /* Test if activation was successful. When using accept(), |
| 728 | * SCTP-AUTH has to be activated for the listening socket | 730 | * SCTP-AUTH has to be activated for the listening socket |
| 729 | * already, otherwise the connected socket won't use it. */ | 731 | * already, otherwise the connected socket won't use it. */ |
| 730 | sockopt_len = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); | 732 | sockopt_len = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); |
| 731 | authchunks = calloc(1, sockopt_len); | 733 | authchunks = calloc(1, sockopt_len); |
| 734 | if (authchunks == NULL) | ||
| 735 | goto err; | ||
| 732 | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len); | 736 | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len); |
| 733 | OPENSSL_assert(ret >= 0); | 737 | if (ret < 0) { |
| 738 | free(authchunks); | ||
| 739 | goto err; | ||
| 740 | } | ||
| 734 | 741 | ||
| 735 | for (p = (unsigned char*) authchunks->gauth_chunks; | 742 | for (p = (unsigned char*) authchunks->gauth_chunks; |
| 736 | p < (unsigned char*) authchunks + sockopt_len; | 743 | p < (unsigned char*) authchunks + sockopt_len; |
| @@ -753,16 +760,19 @@ BIO_new_dgram_sctp(int fd, int close_flag) | |||
| 753 | event.se_type = SCTP_AUTHENTICATION_EVENT; | 760 | event.se_type = SCTP_AUTHENTICATION_EVENT; |
| 754 | event.se_on = 1; | 761 | event.se_on = 1; |
| 755 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event)); | 762 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event)); |
| 756 | OPENSSL_assert(ret >= 0); | 763 | if (ret < 0) |
| 764 | goto err; | ||
| 757 | #else | 765 | #else |
| 758 | sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe); | 766 | sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe); |
| 759 | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); | 767 | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); |
| 760 | OPENSSL_assert(ret >= 0); | 768 | if (ret < 0) |
| 769 | goto err; | ||
| 761 | 770 | ||
| 762 | event.sctp_authentication_event = 1; | 771 | event.sctp_authentication_event = 1; |
| 763 | 772 | ||
| 764 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe)); | 773 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe)); |
| 765 | OPENSSL_assert(ret >= 0); | 774 | if (ret < 0) |
| 775 | goto err; | ||
| 766 | #endif | 776 | #endif |
| 767 | #endif | 777 | #endif |
| 768 | 778 | ||
| @@ -770,9 +780,14 @@ BIO_new_dgram_sctp(int fd, int close_flag) | |||
| 770 | * larger than the max record size of 2^14 + 2048 + 13 | 780 | * larger than the max record size of 2^14 + 2048 + 13 |
| 771 | */ | 781 | */ |
| 772 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, sizeof(optval)); | 782 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, sizeof(optval)); |
| 773 | OPENSSL_assert(ret >= 0); | 783 | if (ret < 0) |
| 784 | goto err; | ||
| 774 | 785 | ||
| 775 | return (bio); | 786 | return (bio); |
| 787 | |||
| 788 | err: | ||
| 789 | BIO_vfree(bio); | ||
| 790 | return (NULL); | ||
| 776 | } | 791 | } |
| 777 | 792 | ||
| 778 | int | 793 | int |
| @@ -929,16 +944,25 @@ dgram_sctp_read(BIO *b, char *out, int outl) | |||
| 929 | event.se_type = SCTP_SENDER_DRY_EVENT; | 944 | event.se_type = SCTP_SENDER_DRY_EVENT; |
| 930 | event.se_on = 0; | 945 | event.se_on = 0; |
| 931 | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event)); | 946 | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event)); |
| 932 | OPENSSL_assert(i >= 0); | 947 | if (i < 0) { |
| 948 | ret = i; | ||
| 949 | break; | ||
| 950 | } | ||
| 933 | #else | 951 | #else |
| 934 | eventsize = sizeof(struct sctp_event_subscribe); | 952 | eventsize = sizeof(struct sctp_event_subscribe); |
| 935 | i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); | 953 | i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); |
| 936 | OPENSSL_assert(i >= 0); | 954 | if (i < 0) { |
| 955 | ret = i; | ||
| 956 | break; | ||
| 957 | } | ||
| 937 | 958 | ||
| 938 | event.sctp_sender_dry_event = 0; | 959 | event.sctp_sender_dry_event = 0; |
| 939 | 960 | ||
| 940 | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe)); | 961 | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe)); |
| 941 | OPENSSL_assert(i >= 0); | 962 | if (i < 0) { |
| 963 | ret = i; | ||
| 964 | break; | ||
| 965 | } | ||
| 942 | #endif | 966 | #endif |
| 943 | } | 967 | } |
| 944 | 968 | ||
| @@ -969,8 +993,8 @@ dgram_sctp_read(BIO *b, char *out, int outl) | |||
| 969 | */ | 993 | */ |
| 970 | optlen = (socklen_t) sizeof(int); | 994 | optlen = (socklen_t) sizeof(int); |
| 971 | ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); | 995 | ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); |
| 972 | OPENSSL_assert(ret >= 0); | 996 | if (ret >= 0) |
| 973 | OPENSSL_assert(optval >= 18445); | 997 | OPENSSL_assert(optval >= 18445); |
| 974 | 998 | ||
| 975 | /* Test if SCTP doesn't partially deliver below | 999 | /* Test if SCTP doesn't partially deliver below |
| 976 | * max record size (2^14 + 2048 + 13) | 1000 | * max record size (2^14 + 2048 + 13) |
| @@ -978,8 +1002,8 @@ dgram_sctp_read(BIO *b, char *out, int outl) | |||
| 978 | optlen = (socklen_t) sizeof(int); | 1002 | optlen = (socklen_t) sizeof(int); |
| 979 | ret = getsockopt(b->num, IPPROTO_SCTP, | 1003 | ret = getsockopt(b->num, IPPROTO_SCTP, |
| 980 | SCTP_PARTIAL_DELIVERY_POINT, &optval, &optlen); | 1004 | SCTP_PARTIAL_DELIVERY_POINT, &optval, &optlen); |
| 981 | OPENSSL_assert(ret >= 0); | 1005 | if (ret >= 0) |
| 982 | OPENSSL_assert(optval >= 18445); | 1006 | OPENSSL_assert(optval >= 18445); |
| 983 | 1007 | ||
| 984 | /* Partially delivered notification??? Probably a bug.... */ | 1008 | /* Partially delivered notification??? Probably a bug.... */ |
| 985 | OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION)); | 1009 | OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION)); |
| @@ -1008,16 +1032,21 @@ dgram_sctp_read(BIO *b, char *out, int outl) | |||
| 1008 | 1032 | ||
| 1009 | optlen = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); | 1033 | optlen = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); |
| 1010 | authchunks = calloc(1, optlen); | 1034 | authchunks = calloc(1, optlen); |
| 1035 | if (authchunks == NULL) { | ||
| 1036 | BIOerr(BIO_F_DGRAM_SCTP_READ, | ||
| 1037 | ERR_R_MALLOC_ERROR); | ||
| 1038 | return (-1); | ||
| 1039 | } | ||
| 1011 | ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen); | 1040 | ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen); |
| 1012 | OPENSSL_assert(ii >= 0); | 1041 | if (ii >= 0) { |
| 1013 | 1042 | for (p = (unsigned char*) authchunks->gauth_chunks; | |
| 1014 | for (p = (unsigned char*) authchunks->gauth_chunks; | 1043 | p < (unsigned char*) authchunks + optlen; |
| 1015 | p < (unsigned char*) authchunks + optlen; | 1044 | p += sizeof(uint8_t)) { |
| 1016 | p += sizeof(uint8_t)) { | 1045 | if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) |
| 1017 | if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) | 1046 | auth_data = 1; |
| 1018 | auth_data = 1; | 1047 | if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) |
| 1019 | if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) | 1048 | auth_forward = 1; |
| 1020 | auth_forward = 1; | 1049 | } |
| 1021 | } | 1050 | } |
| 1022 | 1051 | ||
| 1023 | free(authchunks); | 1052 | free(authchunks); |
diff --git a/src/lib/libssl/src/crypto/bio/bss_dgram.c b/src/lib/libssl/src/crypto/bio/bss_dgram.c index 2e17dc9e21..c6b552eb32 100644 --- a/src/lib/libssl/src/crypto/bio/bss_dgram.c +++ b/src/lib/libssl/src/crypto/bio/bss_dgram.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bss_dgram.c,v 1.37 2014/11/26 05:41:44 bcook Exp $ */ | 1 | /* $OpenBSD: bss_dgram.c,v 1.38 2015/01/03 18:07:29 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -719,18 +719,25 @@ BIO_new_dgram_sctp(int fd, int close_flag) | |||
| 719 | /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ | 719 | /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ |
| 720 | auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; | 720 | auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; |
| 721 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk)); | 721 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk)); |
| 722 | OPENSSL_assert(ret >= 0); | 722 | if (ret < 0) |
| 723 | goto err; | ||
| 723 | auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; | 724 | auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; |
| 724 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk)); | 725 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk)); |
| 725 | OPENSSL_assert(ret >= 0); | 726 | if (ret < 0) |
| 727 | goto err; | ||
| 726 | 728 | ||
| 727 | /* Test if activation was successful. When using accept(), | 729 | /* Test if activation was successful. When using accept(), |
| 728 | * SCTP-AUTH has to be activated for the listening socket | 730 | * SCTP-AUTH has to be activated for the listening socket |
| 729 | * already, otherwise the connected socket won't use it. */ | 731 | * already, otherwise the connected socket won't use it. */ |
| 730 | sockopt_len = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); | 732 | sockopt_len = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); |
| 731 | authchunks = calloc(1, sockopt_len); | 733 | authchunks = calloc(1, sockopt_len); |
| 734 | if (authchunks == NULL) | ||
| 735 | goto err; | ||
| 732 | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len); | 736 | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len); |
| 733 | OPENSSL_assert(ret >= 0); | 737 | if (ret < 0) { |
| 738 | free(authchunks); | ||
| 739 | goto err; | ||
| 740 | } | ||
| 734 | 741 | ||
| 735 | for (p = (unsigned char*) authchunks->gauth_chunks; | 742 | for (p = (unsigned char*) authchunks->gauth_chunks; |
| 736 | p < (unsigned char*) authchunks + sockopt_len; | 743 | p < (unsigned char*) authchunks + sockopt_len; |
| @@ -753,16 +760,19 @@ BIO_new_dgram_sctp(int fd, int close_flag) | |||
| 753 | event.se_type = SCTP_AUTHENTICATION_EVENT; | 760 | event.se_type = SCTP_AUTHENTICATION_EVENT; |
| 754 | event.se_on = 1; | 761 | event.se_on = 1; |
| 755 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event)); | 762 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event)); |
| 756 | OPENSSL_assert(ret >= 0); | 763 | if (ret < 0) |
| 764 | goto err; | ||
| 757 | #else | 765 | #else |
| 758 | sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe); | 766 | sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe); |
| 759 | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); | 767 | ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); |
| 760 | OPENSSL_assert(ret >= 0); | 768 | if (ret < 0) |
| 769 | goto err; | ||
| 761 | 770 | ||
| 762 | event.sctp_authentication_event = 1; | 771 | event.sctp_authentication_event = 1; |
| 763 | 772 | ||
| 764 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe)); | 773 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe)); |
| 765 | OPENSSL_assert(ret >= 0); | 774 | if (ret < 0) |
| 775 | goto err; | ||
| 766 | #endif | 776 | #endif |
| 767 | #endif | 777 | #endif |
| 768 | 778 | ||
| @@ -770,9 +780,14 @@ BIO_new_dgram_sctp(int fd, int close_flag) | |||
| 770 | * larger than the max record size of 2^14 + 2048 + 13 | 780 | * larger than the max record size of 2^14 + 2048 + 13 |
| 771 | */ | 781 | */ |
| 772 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, sizeof(optval)); | 782 | ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, sizeof(optval)); |
| 773 | OPENSSL_assert(ret >= 0); | 783 | if (ret < 0) |
| 784 | goto err; | ||
| 774 | 785 | ||
| 775 | return (bio); | 786 | return (bio); |
| 787 | |||
| 788 | err: | ||
| 789 | BIO_vfree(bio); | ||
| 790 | return (NULL); | ||
| 776 | } | 791 | } |
| 777 | 792 | ||
| 778 | int | 793 | int |
| @@ -929,16 +944,25 @@ dgram_sctp_read(BIO *b, char *out, int outl) | |||
| 929 | event.se_type = SCTP_SENDER_DRY_EVENT; | 944 | event.se_type = SCTP_SENDER_DRY_EVENT; |
| 930 | event.se_on = 0; | 945 | event.se_on = 0; |
| 931 | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event)); | 946 | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event)); |
| 932 | OPENSSL_assert(i >= 0); | 947 | if (i < 0) { |
| 948 | ret = i; | ||
| 949 | break; | ||
| 950 | } | ||
| 933 | #else | 951 | #else |
| 934 | eventsize = sizeof(struct sctp_event_subscribe); | 952 | eventsize = sizeof(struct sctp_event_subscribe); |
| 935 | i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); | 953 | i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); |
| 936 | OPENSSL_assert(i >= 0); | 954 | if (i < 0) { |
| 955 | ret = i; | ||
| 956 | break; | ||
| 957 | } | ||
| 937 | 958 | ||
| 938 | event.sctp_sender_dry_event = 0; | 959 | event.sctp_sender_dry_event = 0; |
| 939 | 960 | ||
| 940 | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe)); | 961 | i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe)); |
| 941 | OPENSSL_assert(i >= 0); | 962 | if (i < 0) { |
| 963 | ret = i; | ||
| 964 | break; | ||
| 965 | } | ||
| 942 | #endif | 966 | #endif |
| 943 | } | 967 | } |
| 944 | 968 | ||
| @@ -969,8 +993,8 @@ dgram_sctp_read(BIO *b, char *out, int outl) | |||
| 969 | */ | 993 | */ |
| 970 | optlen = (socklen_t) sizeof(int); | 994 | optlen = (socklen_t) sizeof(int); |
| 971 | ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); | 995 | ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); |
| 972 | OPENSSL_assert(ret >= 0); | 996 | if (ret >= 0) |
| 973 | OPENSSL_assert(optval >= 18445); | 997 | OPENSSL_assert(optval >= 18445); |
| 974 | 998 | ||
| 975 | /* Test if SCTP doesn't partially deliver below | 999 | /* Test if SCTP doesn't partially deliver below |
| 976 | * max record size (2^14 + 2048 + 13) | 1000 | * max record size (2^14 + 2048 + 13) |
| @@ -978,8 +1002,8 @@ dgram_sctp_read(BIO *b, char *out, int outl) | |||
| 978 | optlen = (socklen_t) sizeof(int); | 1002 | optlen = (socklen_t) sizeof(int); |
| 979 | ret = getsockopt(b->num, IPPROTO_SCTP, | 1003 | ret = getsockopt(b->num, IPPROTO_SCTP, |
| 980 | SCTP_PARTIAL_DELIVERY_POINT, &optval, &optlen); | 1004 | SCTP_PARTIAL_DELIVERY_POINT, &optval, &optlen); |
| 981 | OPENSSL_assert(ret >= 0); | 1005 | if (ret >= 0) |
| 982 | OPENSSL_assert(optval >= 18445); | 1006 | OPENSSL_assert(optval >= 18445); |
| 983 | 1007 | ||
| 984 | /* Partially delivered notification??? Probably a bug.... */ | 1008 | /* Partially delivered notification??? Probably a bug.... */ |
| 985 | OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION)); | 1009 | OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION)); |
| @@ -1008,16 +1032,21 @@ dgram_sctp_read(BIO *b, char *out, int outl) | |||
| 1008 | 1032 | ||
| 1009 | optlen = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); | 1033 | optlen = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); |
| 1010 | authchunks = calloc(1, optlen); | 1034 | authchunks = calloc(1, optlen); |
| 1035 | if (authchunks == NULL) { | ||
| 1036 | BIOerr(BIO_F_DGRAM_SCTP_READ, | ||
| 1037 | ERR_R_MALLOC_ERROR); | ||
| 1038 | return (-1); | ||
| 1039 | } | ||
| 1011 | ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen); | 1040 | ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen); |
| 1012 | OPENSSL_assert(ii >= 0); | 1041 | if (ii >= 0) { |
| 1013 | 1042 | for (p = (unsigned char*) authchunks->gauth_chunks; | |
| 1014 | for (p = (unsigned char*) authchunks->gauth_chunks; | 1043 | p < (unsigned char*) authchunks + optlen; |
| 1015 | p < (unsigned char*) authchunks + optlen; | 1044 | p += sizeof(uint8_t)) { |
| 1016 | p += sizeof(uint8_t)) { | 1045 | if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) |
| 1017 | if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) | 1046 | auth_data = 1; |
| 1018 | auth_data = 1; | 1047 | if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) |
| 1019 | if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) | 1048 | auth_forward = 1; |
| 1020 | auth_forward = 1; | 1049 | } |
| 1021 | } | 1050 | } |
| 1022 | 1051 | ||
| 1023 | free(authchunks); | 1052 | free(authchunks); |