summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_clnt.c
diff options
context:
space:
mode:
authorbeck <>2015-07-15 21:52:02 +0000
committerbeck <>2015-07-15 21:52:02 +0000
commite1423b93bd3553efa320e96178feb2e4fbf950d1 (patch)
tree7d066d88d08963f8b22bdaf2c1bb9bfaee2a754c /src/lib/libssl/s3_clnt.c
parent9cf0596801d610bf14fe31c968259db1d3d99182 (diff)
downloadopenbsd-e1423b93bd3553efa320e96178feb2e4fbf950d1.tar.gz
openbsd-e1423b93bd3553efa320e96178feb2e4fbf950d1.tar.bz2
openbsd-e1423b93bd3553efa320e96178feb2e4fbf950d1.zip
test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@
Diffstat (limited to 'src/lib/libssl/s3_clnt.c')
-rw-r--r--src/lib/libssl/s3_clnt.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 6bc5a8b622..3f7f3a411d 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.117 2015/07/15 18:35:34 beck Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.118 2015/07/15 21:52:02 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -996,7 +996,6 @@ ssl3_get_server_certificate(SSL *s)
996 goto f_err; 996 goto f_err;
997 } 997 }
998 998
999 CBS_init(&cbs, s->init_msg, n);
1000 999
1001 if ((sk = sk_X509_new_null()) == NULL) { 1000 if ((sk = sk_X509_new_null()) == NULL) {
1002 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, 1001 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
@@ -1004,8 +1003,13 @@ ssl3_get_server_certificate(SSL *s)
1004 goto err; 1003 goto err;
1005 } 1004 }
1006 1005
1007 if (n < 0 || CBS_len(&cbs) < 3) 1006 if (n < 0)
1007 goto truncated;
1008
1009 CBS_init(&cbs, s->init_msg, n);
1010 if (CBS_len(&cbs) < 3)
1008 goto truncated; 1011 goto truncated;
1012
1009 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || 1013 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
1010 CBS_len(&cbs) != 0) { 1014 CBS_len(&cbs) != 0) {
1011 al = SSL_AD_DECODE_ERROR; 1015 al = SSL_AD_DECODE_ERROR;
@@ -1797,9 +1801,16 @@ ssl3_get_cert_status(SSL *s)
1797 if (!ok) 1801 if (!ok)
1798 return ((int)n); 1802 return ((int)n);
1799 1803
1800 CBS_init(&cert_status, s->init_msg, n); 1804 if (n < 0) {
1805 /* need at least status type + length */
1806 al = SSL_AD_DECODE_ERROR;
1807 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1808 SSL_R_LENGTH_MISMATCH);
1809 goto f_err;
1810 }
1801 1811
1802 if (n < 0 || !CBS_get_u8(&cert_status, &status_type) || 1812 CBS_init(&cert_status, s->init_msg, n);
1813 if (!CBS_get_u8(&cert_status, &status_type) ||
1803 CBS_len(&cert_status) < 3) { 1814 CBS_len(&cert_status) < 3) {
1804 /* need at least status type + length */ 1815 /* need at least status type + length */
1805 al = SSL_AD_DECODE_ERROR; 1816 al = SSL_AD_DECODE_ERROR;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 15:17:27 +0000