summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbeck <>2015-07-15 21:52:02 +0000
committerbeck <>2015-07-15 21:52:02 +0000
commite1423b93bd3553efa320e96178feb2e4fbf950d1 (patch)
tree7d066d88d08963f8b22bdaf2c1bb9bfaee2a754c
parent9cf0596801d610bf14fe31c968259db1d3d99182 (diff)
downloadopenbsd-e1423b93bd3553efa320e96178feb2e4fbf950d1.tar.gz
openbsd-e1423b93bd3553efa320e96178feb2e4fbf950d1.tar.bz2
openbsd-e1423b93bd3553efa320e96178feb2e4fbf950d1.zip
test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@
Diffstat
-rw-r--r--src/lib/libssl/d1_srtp.c13
-rw-r--r--src/lib/libssl/s3_both.c10
-rw-r--r--src/lib/libssl/s3_clnt.c21
-rw-r--r--src/lib/libssl/src/ssl/d1_srtp.c13
-rw-r--r--src/lib/libssl/src/ssl/s3_both.c10
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c21
6 files changed, 66 insertions, 22 deletions
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index 801eab1b76..8f05c4abc8 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srtp.c,v 1.12 2015/07/14 03:38:26 doug Exp $ */ 1/* $OpenBSD: d1_srtp.c,v 1.13 2015/07/15 21:52:02 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -303,11 +303,16 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
303 uint16_t id; 303 uint16_t id;
304 CBS cbs, ciphers, mki; 304 CBS cbs, ciphers, mki;
305 305
306 CBS_init(&cbs, d, len); 306 if (len < 0) {
307 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
308 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
309 *al = SSL_AD_DECODE_ERROR;
310 goto done;
311 }
307 312
313 CBS_init(&cbs, d, len);
308 /* Pull off the cipher suite list */ 314 /* Pull off the cipher suite list */
309 if (len < 0 || 315 if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
310 !CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
311 CBS_len(&ciphers) % 2 || 316 CBS_len(&ciphers) % 2 ||
312 CBS_len(&cbs) != 0) { 317 CBS_len(&cbs) != 0) {
313 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 318 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 5db0a11618..a19ce74380 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.41 2015/07/14 05:41:07 doug Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.42 2015/07/15 21:52:02 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -242,9 +242,15 @@ ssl3_get_finished(SSL *s, int a, int b)
242 242
243 md_len = s->method->ssl3_enc->finish_mac_length; 243 md_len = s->method->ssl3_enc->finish_mac_length;
244 244
245 if (n < 0) {
246 al = SSL_AD_DECODE_ERROR;
247 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
248 goto f_err;
249 }
250
245 CBS_init(&cbs, s->init_msg, n); 251 CBS_init(&cbs, s->init_msg, n);
246 252
247 if (n < 0 || s->s3->tmp.peer_finish_md_len != md_len || 253 if (s->s3->tmp.peer_finish_md_len != md_len ||
248 CBS_len(&cbs) != md_len) { 254 CBS_len(&cbs) != md_len) {
249 al = SSL_AD_DECODE_ERROR; 255 al = SSL_AD_DECODE_ERROR;
250 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); 256 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 6bc5a8b622..3f7f3a411d 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.117 2015/07/15 18:35:34 beck Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.118 2015/07/15 21:52:02 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -996,7 +996,6 @@ ssl3_get_server_certificate(SSL *s)
996 goto f_err; 996 goto f_err;
997 } 997 }
998 998
999 CBS_init(&cbs, s->init_msg, n);
1000 999
1001 if ((sk = sk_X509_new_null()) == NULL) { 1000 if ((sk = sk_X509_new_null()) == NULL) {
1002 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1001 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
@@ -1004,8 +1003,13 @@ ssl3_get_server_certificate(SSL *s)
1004 goto err; 1003 goto err;
1005 } 1004 }
1006 1005
1007 if (n < 0 || CBS_len(&cbs) < 3) 1006 if (n < 0)
1007 goto truncated;
1008
1009 CBS_init(&cbs, s->init_msg, n);
1010 if (CBS_len(&cbs) < 3)
1008 goto truncated; 1011 goto truncated;
1012
1009 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || 1013 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
1010 CBS_len(&cbs) != 0) { 1014 CBS_len(&cbs) != 0) {
1011 al = SSL_AD_DECODE_ERROR; 1015 al = SSL_AD_DECODE_ERROR;
@@ -1797,9 +1801,16 @@ ssl3_get_cert_status(SSL *s)
1797 if (!ok) 1801 if (!ok)
1798 return ((int)n); 1802 return ((int)n);
1799 1803
1800 CBS_init(&cert_status, s->init_msg, n); 1804 if (n < 0) {
1805 /* need at least status type + length */
1806 al = SSL_AD_DECODE_ERROR;
1807 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1808 SSL_R_LENGTH_MISMATCH);
1809 goto f_err;
1810 }
1801 1811
1802 if (n < 0 || !CBS_get_u8(&cert_status, &status_type) || 1812 CBS_init(&cert_status, s->init_msg, n);
1813 if (!CBS_get_u8(&cert_status, &status_type) ||
1803 CBS_len(&cert_status) < 3) { 1814 CBS_len(&cert_status) < 3) {
1804 /* need at least status type + length */ 1815 /* need at least status type + length */
1805 al = SSL_AD_DECODE_ERROR; 1816 al = SSL_AD_DECODE_ERROR;
diff --git a/src/lib/libssl/src/ssl/d1_srtp.c b/src/lib/libssl/src/ssl/d1_srtp.c
index 801eab1b76..8f05c4abc8 100644
--- a/src/lib/libssl/src/ssl/d1_srtp.c
+++ b/src/lib/libssl/src/ssl/d1_srtp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_srtp.c,v 1.12 2015/07/14 03:38:26 doug Exp $ */ 1/* $OpenBSD: d1_srtp.c,v 1.13 2015/07/15 21:52:02 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -303,11 +303,16 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
303 uint16_t id; 303 uint16_t id;
304 CBS cbs, ciphers, mki; 304 CBS cbs, ciphers, mki;
305 305
306 CBS_init(&cbs, d, len); 306 if (len < 0) {
307 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
308 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
309 *al = SSL_AD_DECODE_ERROR;
310 goto done;
311 }
307 312
313 CBS_init(&cbs, d, len);
308 /* Pull off the cipher suite list */ 314 /* Pull off the cipher suite list */
309 if (len < 0 || 315 if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
310 !CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
311 CBS_len(&ciphers) % 2 || 316 CBS_len(&ciphers) % 2 ||
312 CBS_len(&cbs) != 0) { 317 CBS_len(&cbs) != 0) {
313 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 318 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index 5db0a11618..a19ce74380 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_both.c,v 1.41 2015/07/14 05:41:07 doug Exp $ */ 1/* $OpenBSD: s3_both.c,v 1.42 2015/07/15 21:52:02 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -242,9 +242,15 @@ ssl3_get_finished(SSL *s, int a, int b)
242 242
243 md_len = s->method->ssl3_enc->finish_mac_length; 243 md_len = s->method->ssl3_enc->finish_mac_length;
244 244
245 if (n < 0) {
246 al = SSL_AD_DECODE_ERROR;
247 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
248 goto f_err;
249 }
250
245 CBS_init(&cbs, s->init_msg, n); 251 CBS_init(&cbs, s->init_msg, n);
246 252
247 if (n < 0 || s->s3->tmp.peer_finish_md_len != md_len || 253 if (s->s3->tmp.peer_finish_md_len != md_len ||
248 CBS_len(&cbs) != md_len) { 254 CBS_len(&cbs) != md_len) {
249 al = SSL_AD_DECODE_ERROR; 255 al = SSL_AD_DECODE_ERROR;
250 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); 256 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 6bc5a8b622..3f7f3a411d 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.117 2015/07/15 18:35:34 beck Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.118 2015/07/15 21:52:02 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -996,7 +996,6 @@ ssl3_get_server_certificate(SSL *s)
996 goto f_err; 996 goto f_err;
997 } 997 }
998 998
999 CBS_init(&cbs, s->init_msg, n);
1000 999
1001 if ((sk = sk_X509_new_null()) == NULL) { 1000 if ((sk = sk_X509_new_null()) == NULL) {
1002 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1001 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
@@ -1004,8 +1003,13 @@ ssl3_get_server_certificate(SSL *s)
1004 goto err; 1003 goto err;
1005 } 1004 }
1006 1005
1007 if (n < 0 || CBS_len(&cbs) < 3) 1006 if (n < 0)
1007 goto truncated;
1008
1009 CBS_init(&cbs, s->init_msg, n);
1010 if (CBS_len(&cbs) < 3)
1008 goto truncated; 1011 goto truncated;
1012
1009 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || 1013 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
1010 CBS_len(&cbs) != 0) { 1014 CBS_len(&cbs) != 0) {
1011 al = SSL_AD_DECODE_ERROR; 1015 al = SSL_AD_DECODE_ERROR;
@@ -1797,9 +1801,16 @@ ssl3_get_cert_status(SSL *s)
1797 if (!ok) 1801 if (!ok)
1798 return ((int)n); 1802 return ((int)n);
1799 1803
1800 CBS_init(&cert_status, s->init_msg, n); 1804 if (n < 0) {
1805 /* need at least status type + length */
1806 al = SSL_AD_DECODE_ERROR;
1807 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1808 SSL_R_LENGTH_MISMATCH);
1809 goto f_err;
1810 }
1801 1811
1802 if (n < 0 || !CBS_get_u8(&cert_status, &status_type) || 1812 CBS_init(&cert_status, s->init_msg, n);
1813 if (!CBS_get_u8(&cert_status, &status_type) ||
1803 CBS_len(&cert_status) < 3) { 1814 CBS_len(&cert_status) < 3) {
1804 /* need at least status type + length */ 1815 /* need at least status type + length */
1805 al = SSL_AD_DECODE_ERROR; 1816 al = SSL_AD_DECODE_ERROR;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 13:47:47 +0000