SSL_set_app_data is a macro for SSL_set_ex_data(), which is a wrapper

around CRYPTO_set_ex_data(), which can fail. Since this is the case, check the return value of CRYPTO_set_ex_data^WSSL_set_ex_data^WSSL_set_app_data.
author: jsing <> 2015-08-22 14:51:34 +0000
committer: jsing <> 2015-08-22 14:51:34 +0000
commit: 1007a1f86697c5f72aaa723eea397d758e2f031d (patch)
tree: 5c7c5fd37e3b9e7ee0d012a45a11206672ebd2e1 /src
parent: a58daf1cbbba9f43718088b6c1ffffbe0d4c8341 (diff)
download: openbsd-1007a1f86697c5f72aaa723eea397d758e2f031d.tar.gz
openbsd-1007a1f86697c5f72aaa723eea397d758e2f031d.tar.bz2
openbsd-1007a1f86697c5f72aaa723eea397d758e2f031d.zip
2 files changed, 10 insertions, 6 deletions
diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
index 295e76c60d..442ba4321e 100644
--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.18 2015/08/22 14:40:25 jsing Exp $ */
+/* $OpenBSD: tls_client.c,v 1.19 2015/08/22 14:51:34 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -225,8 +225,10 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
                tls_set_error(ctx, "ssl connection failure");
                goto err;
        }
-        SSL_set_app_data(ctx->ssl_conn, ctx);
+        if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) {
+                tls_set_error(ctx, "ssl application data failure");
+                goto err;
+        }
        if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 ||
            SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
                tls_set_error(ctx, "ssl file descriptor failure");
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 55b19e472c..7308171452 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.7 2015/03/31 14:03:38 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.8 2015/08/22 14:51:34 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -120,13 +120,15 @@ tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
                        tls_set_error(ctx, "ssl failure");
                        goto err;
                }
+                if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
+                        tls_set_error(ctx, "ssl application data failure");
+                        goto err;
+                }
                if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
                    SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
                        tls_set_error(ctx, "ssl set fd failure");
                        goto err;
                }
-                SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx);
        }
        if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {
author	jsing <>	2015-08-22 14:51:34 +0000
committer	jsing <>	2015-08-22 14:51:34 +0000
commit	1007a1f86697c5f72aaa723eea397d758e2f031d (patch)
tree	5c7c5fd37e3b9e7ee0d012a45a11206672ebd2e1 /src
parent	a58daf1cbbba9f43718088b6c1ffffbe0d4c8341 (diff)
download	openbsd-1007a1f86697c5f72aaa723eea397d758e2f031d.tar.gz openbsd-1007a1f86697c5f72aaa723eea397d758e2f031d.tar.bz2 openbsd-1007a1f86697c5f72aaa723eea397d758e2f031d.zip

diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c index 295e76c60d..442ba4321e 100644 --- a/src/lib/libtls/tls_client.c +++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_client.c,v 1.18 2015/08/22 14:40:25 jsing Exp $ */	1	/* $OpenBSD: tls_client.c,v 1.19 2015/08/22 14:51:34 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -225,8 +225,10 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
225	tls_set_error(ctx, "ssl connection failure");	225	tls_set_error(ctx, "ssl connection failure");
226	goto err;	226	goto err;
227	}	227	}
228	SSL_set_app_data(ctx->ssl_conn, ctx);	228	if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) {
229		229	tls_set_error(ctx, "ssl application data failure");
		230	goto err;
		231	}
230	if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 \|\|	232	if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 \|\|
231	SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {	233	SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
232	tls_set_error(ctx, "ssl file descriptor failure");	234	tls_set_error(ctx, "ssl file descriptor failure");


diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c index 55b19e472c..7308171452 100644 --- a/src/lib/libtls/tls_server.c +++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_server.c,v 1.7 2015/03/31 14:03:38 jsing Exp $ */	1	/* $OpenBSD: tls_server.c,v 1.8 2015/08/22 14:51:34 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -120,13 +120,15 @@ tls_accept_fds(struct tls ctx, struct tls *cctx, int fd_read, int fd_write)
120	tls_set_error(ctx, "ssl failure");	120	tls_set_error(ctx, "ssl failure");
121	goto err;	121	goto err;
122	}	122	}
123		123	if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
		124	tls_set_error(ctx, "ssl application data failure");
		125	goto err;
		126	}
124	if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 \|\|	127	if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 \|\|
125	SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {	128	SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
126	tls_set_error(ctx, "ssl set fd failure");	129	tls_set_error(ctx, "ssl set fd failure");
127	goto err;	130	goto err;
128	}	131	}
129	SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx);
130	}	132	}
131		133
132	if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {	134	if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {