Fix SRTP parsing.

jsing@ noticed that during the CBS conversion, an extra CBS_len comparison was introduced. It should be 0 after extracting MKI. ok jsing@ bcook@ deraadt@
author: doug <> 2015-07-31 00:35:06 +0000
committer: doug <> 2015-07-31 00:35:06 +0000
commit: 11c1205d1375c2ebb50608dbd5a4cc26d96685ce (patch)
tree: 9b5132a01e62b050fe59a7b7f47b3bcfaf1a51dc /src/lib/libssl/d1_srtp.c
parent: c399ec1a5a1e334ca2ae5a449ca396abc5b4d043 (diff)
download: openbsd-11c1205d1375c2ebb50608dbd5a4cc26d96685ce.tar.gz
openbsd-11c1205d1375c2ebb50608dbd5a4cc26d96685ce.tar.bz2
openbsd-11c1205d1375c2ebb50608dbd5a4cc26d96685ce.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index 2974691e3c..45ce5b8d3e 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srtp.c,v 1.14 2015/07/17 17:36:24 doug Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.15 2015/07/31 00:35:06 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -313,8 +313,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
        CBS_init(&cbs, d, len);
        /* Pull off the cipher suite list */
        if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
-            CBS_len(&ciphers) % 2 ||
+            CBS_len(&ciphers) % 2) {
-            CBS_len(&cbs) != 0) {
                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
                    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
                *al = SSL_AD_DECODE_ERROR;
author	doug <>	2015-07-31 00:35:06 +0000
committer	doug <>	2015-07-31 00:35:06 +0000
commit	11c1205d1375c2ebb50608dbd5a4cc26d96685ce (patch)
tree	9b5132a01e62b050fe59a7b7f47b3bcfaf1a51dc /src/lib/libssl/d1_srtp.c
parent	c399ec1a5a1e334ca2ae5a449ca396abc5b4d043 (diff)
download	openbsd-11c1205d1375c2ebb50608dbd5a4cc26d96685ce.tar.gz openbsd-11c1205d1375c2ebb50608dbd5a4cc26d96685ce.tar.bz2 openbsd-11c1205d1375c2ebb50608dbd5a4cc26d96685ce.zip