diff options
| author | miod <> | 2014-05-24 19:27:48 +0000 |
|---|---|---|
| committer | miod <> | 2014-05-24 19:27:48 +0000 |
| commit | 7e89f54b49bfbcf3f730ec511180b3edcf5d2fb3 (patch) | |
| tree | 4b16e9c4b4303c6a280db217c581a31b8a84dfe4 /src/lib/libssl/ssl_ciph.c | |
| parent | 3df307f040650d341674f0a44474949632396aeb (diff) | |
| download | openbsd-7e89f54b49bfbcf3f730ec511180b3edcf5d2fb3.tar.gz openbsd-7e89f54b49bfbcf3f730ec511180b3edcf5d2fb3.tar.bz2 openbsd-7e89f54b49bfbcf3f730ec511180b3edcf5d2fb3.zip | |
In ssl_cipher_get_evp(), fix off-by-one in index validation before accessing
arrays.
"kind of scary" deraadt@, ok guenther@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 77d8a3c79f..4ae3312a1a 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -559,7 +559,7 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 559 | break; | 559 | break; |
| 560 | } | 560 | } |
| 561 | 561 | ||
| 562 | if ((i < 0) || (i > SSL_ENC_NUM_IDX)) | 562 | if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) |
| 563 | *enc = NULL; | 563 | *enc = NULL; |
| 564 | else { | 564 | else { |
| 565 | if (i == SSL_ENC_NULL_IDX) | 565 | if (i == SSL_ENC_NULL_IDX) |
| @@ -591,7 +591,7 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 591 | i = -1; | 591 | i = -1; |
| 592 | break; | 592 | break; |
| 593 | } | 593 | } |
| 594 | if ((i < 0) || (i > SSL_MD_NUM_IDX)) { | 594 | if ((i < 0) || (i >= SSL_MD_NUM_IDX)) { |
| 595 | *md = NULL; | 595 | *md = NULL; |
| 596 | 596 | ||
| 597 | if (mac_pkey_type != NULL) | 597 | if (mac_pkey_type != NULL) |