diff options
| author | miod <> | 2014-05-31 19:09:20 +0000 |
|---|---|---|
| committer | miod <> | 2014-05-31 19:09:20 +0000 |
| commit | abc09e7ca58bc425caf1f38342e5f0453cfcbc43 (patch) | |
| tree | 4898b549eee30018e5970ddd3ceee3cca166f99d | |
| parent | a5757b535e4efefee62f47029a4e4e9cb16e6d32 (diff) | |
| download | openbsd-abc09e7ca58bc425caf1f38342e5f0453cfcbc43.tar.gz openbsd-abc09e7ca58bc425caf1f38342e5f0453cfcbc43.tar.bz2 openbsd-abc09e7ca58bc425caf1f38342e5f0453cfcbc43.zip | |
BUF_MEM_grow_clean() takes a size_t as the size argument. Remove false comments
mentioning it's an int, bogus (int) casts and bounds checks against INT_MAX
(BUF_MEM_grow_clean has its own integer bounds checks).
ok deraadt@
| -rw-r--r-- | src/lib/libssl/d1_both.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/s3_both.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_both.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_both.c | 10 |
4 files changed, 6 insertions, 18 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index d62362e69a..8e2843625b 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c | |||
| @@ -946,7 +946,7 @@ dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) | |||
| 946 | unsigned char *p; | 946 | unsigned char *p; |
| 947 | 947 | ||
| 948 | n = i2d_X509(x, NULL); | 948 | n = i2d_X509(x, NULL); |
| 949 | if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) { | 949 | if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) { |
| 950 | SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); | 950 | SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); |
| 951 | return 0; | 951 | return 0; |
| 952 | } | 952 | } |
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 2a96c19914..b6249e3e1d 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c | |||
| @@ -315,7 +315,7 @@ ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) | |||
| 315 | unsigned char *p; | 315 | unsigned char *p; |
| 316 | 316 | ||
| 317 | n = i2d_X509(x, NULL); | 317 | n = i2d_X509(x, NULL); |
| 318 | if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) { | 318 | if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) { |
| 319 | SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); | 319 | SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); |
| 320 | return (-1); | 320 | return (-1); |
| 321 | } | 321 | } |
| @@ -479,13 +479,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 479 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); | 479 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); |
| 480 | goto f_err; | 480 | goto f_err; |
| 481 | } | 481 | } |
| 482 | if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */ | 482 | if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) { |
| 483 | { | ||
| 484 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 485 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); | ||
| 486 | goto f_err; | ||
| 487 | } | ||
| 488 | if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l + 4)) { | ||
| 489 | SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); | 483 | SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); |
| 490 | goto err; | 484 | goto err; |
| 491 | } | 485 | } |
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c index d62362e69a..8e2843625b 100644 --- a/src/lib/libssl/src/ssl/d1_both.c +++ b/src/lib/libssl/src/ssl/d1_both.c | |||
| @@ -946,7 +946,7 @@ dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) | |||
| 946 | unsigned char *p; | 946 | unsigned char *p; |
| 947 | 947 | ||
| 948 | n = i2d_X509(x, NULL); | 948 | n = i2d_X509(x, NULL); |
| 949 | if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) { | 949 | if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) { |
| 950 | SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); | 950 | SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); |
| 951 | return 0; | 951 | return 0; |
| 952 | } | 952 | } |
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c index 2a96c19914..b6249e3e1d 100644 --- a/src/lib/libssl/src/ssl/s3_both.c +++ b/src/lib/libssl/src/ssl/s3_both.c | |||
| @@ -315,7 +315,7 @@ ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) | |||
| 315 | unsigned char *p; | 315 | unsigned char *p; |
| 316 | 316 | ||
| 317 | n = i2d_X509(x, NULL); | 317 | n = i2d_X509(x, NULL); |
| 318 | if (!BUF_MEM_grow_clean(buf,(int)(n + (*l) + 3))) { | 318 | if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) { |
| 319 | SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); | 319 | SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); |
| 320 | return (-1); | 320 | return (-1); |
| 321 | } | 321 | } |
| @@ -479,13 +479,7 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 479 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); | 479 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); |
| 480 | goto f_err; | 480 | goto f_err; |
| 481 | } | 481 | } |
| 482 | if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */ | 482 | if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) { |
| 483 | { | ||
| 484 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 485 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); | ||
| 486 | goto f_err; | ||
| 487 | } | ||
| 488 | if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l + 4)) { | ||
| 489 | SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); | 483 | SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); |
| 490 | goto err; | 484 | goto err; |
| 491 | } | 485 | } |