diff options
| author | claudio <> | 2007-08-06 13:32:49 +0000 |
|---|---|---|
| committer | claudio <> | 2007-08-06 13:32:49 +0000 |
| commit | 066678a9abd4d902e555bec4e2e68192b477baba (patch) | |
| tree | 6f414544ed6633ab4bc941dc3d61e76ec159c7d1 /src/lib | |
| parent | fbdb4996ce0be760a632bb4a5052ac3014e92c83 (diff) | |
| download | openbsd-066678a9abd4d902e555bec4e2e68192b477baba.tar.gz openbsd-066678a9abd4d902e555bec4e2e68192b477baba.tar.bz2 openbsd-066678a9abd4d902e555bec4e2e68192b477baba.zip | |
Correctly NUL terminate the message buffer that is used with the
-starttls option. Without this openssl s_client -starttls crashed with
malloc.conf -> J. OK deraadt@, hshoexer@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/src/apps/s_client.c | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c index a70735b9dc..78bc10d315 100644 --- a/src/lib/libssl/src/apps/s_client.c +++ b/src/lib/libssl/src/apps/s_client.c | |||
| @@ -243,6 +243,7 @@ int MAIN(int argc, char **argv) | |||
| 243 | char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; | 243 | char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; |
| 244 | int cbuf_len,cbuf_off; | 244 | int cbuf_len,cbuf_off; |
| 245 | int sbuf_len,sbuf_off; | 245 | int sbuf_len,sbuf_off; |
| 246 | int mbuf_len,mbuf_off; | ||
| 246 | fd_set readfds,writefds; | 247 | fd_set readfds,writefds; |
| 247 | char *port=PORT_STR; | 248 | char *port=PORT_STR; |
| 248 | int full_log=1; | 249 | int full_log=1; |
| @@ -291,7 +292,7 @@ int MAIN(int argc, char **argv) | |||
| 291 | 292 | ||
| 292 | if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || | 293 | if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || |
| 293 | ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || | 294 | ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || |
| 294 | ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL)) | 295 | ((mbuf=OPENSSL_malloc(BUFSIZZ + 1)) == NULL)) /* NUL byte */ |
| 295 | { | 296 | { |
| 296 | BIO_printf(bio_err,"out of memory\n"); | 297 | BIO_printf(bio_err,"out of memory\n"); |
| 297 | goto end; | 298 | goto end; |
| @@ -596,23 +597,42 @@ re_start: | |||
| 596 | cbuf_off=0; | 597 | cbuf_off=0; |
| 597 | sbuf_len=0; | 598 | sbuf_len=0; |
| 598 | sbuf_off=0; | 599 | sbuf_off=0; |
| 600 | mbuf_len=0; | ||
| 601 | mbuf_off=0; | ||
| 599 | 602 | ||
| 600 | /* This is an ugly hack that does a lot of assumptions */ | 603 | /* This is an ugly hack that does a lot of assumptions */ |
| 601 | if (starttls_proto == 1) | 604 | if (starttls_proto == 1) |
| 602 | { | 605 | { |
| 603 | BIO_read(sbio,mbuf,BUFSIZZ); | 606 | mbuf_off = mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); |
| 607 | if (mbuf_len == -1) | ||
| 608 | { | ||
| 609 | BIO_printf(bio_err,"BIO_read failed\n"); | ||
| 610 | goto end; | ||
| 611 | } | ||
| 604 | BIO_printf(sbio,"EHLO some.host.name\r\n"); | 612 | BIO_printf(sbio,"EHLO some.host.name\r\n"); |
| 605 | BIO_read(sbio,mbuf,BUFSIZZ); | 613 | mbuf_len = BIO_read(sbio,mbuf + mbuf_off,BUFSIZZ - mbuf_off); |
| 614 | if (mbuf_len == -1) | ||
| 615 | { | ||
| 616 | BIO_printf(bio_err,"BIO_read failed\n"); | ||
| 617 | goto end; | ||
| 618 | } | ||
| 606 | BIO_printf(sbio,"STARTTLS\r\n"); | 619 | BIO_printf(sbio,"STARTTLS\r\n"); |
| 607 | BIO_read(sbio,sbuf,BUFSIZZ); | 620 | BIO_read(sbio,sbuf,BUFSIZZ); |
| 608 | } | 621 | } |
| 609 | if (starttls_proto == 2) | 622 | if (starttls_proto == 2) |
| 610 | { | 623 | { |
| 611 | BIO_read(sbio,mbuf,BUFSIZZ); | 624 | mbuf_len = BIO_read(sbio,mbuf,BUFSIZZ); |
| 625 | if (mbuf_len == -1) | ||
| 626 | { | ||
| 627 | BIO_printf(bio_err,"BIO_read failed\n"); | ||
| 628 | goto end; | ||
| 629 | } | ||
| 612 | BIO_printf(sbio,"STLS\r\n"); | 630 | BIO_printf(sbio,"STLS\r\n"); |
| 613 | BIO_read(sbio,sbuf,BUFSIZZ); | 631 | BIO_read(sbio,sbuf,BUFSIZZ); |
| 614 | } | 632 | } |
| 615 | 633 | ||
| 634 | mbuf[mbuf_off + mbuf_len] = '\0'; | ||
| 635 | |||
| 616 | for (;;) | 636 | for (;;) |
| 617 | { | 637 | { |
| 618 | FD_ZERO(&readfds); | 638 | FD_ZERO(&readfds); |