In ssl_cipher_get_evp(), fix off-by-one in index validation before accessing

arrays. "kind of scary" deraadt@, ok guenther@
author: miod <> 2014-05-24 19:27:48 +0000
committer: miod <> 2014-05-24 19:27:48 +0000
commit: 7b7cf02427def33a12d6a27c01ef7a7e64bc08d3 (patch)
tree: 4b16e9c4b4303c6a280db217c581a31b8a84dfe4 /src
parent: 894c4a4b30139aab2cf392bc81896b08c6e56390 (diff)
download: openbsd-7b7cf02427def33a12d6a27c01ef7a7e64bc08d3.tar.gz
openbsd-7b7cf02427def33a12d6a27c01ef7a7e64bc08d3.tar.bz2
openbsd-7b7cf02427def33a12d6a27c01ef7a7e64bc08d3.zip
2 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 77d8a3c79f..4ae3312a1a 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -559,7 +559,7 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                break;
        }
-        if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+        if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
                *enc = NULL;
        else {
                if (i == SSL_ENC_NULL_IDX)
@@ -591,7 +591,7 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                i = -1;
                break;
        }
-        if ((i < 0) || (i > SSL_MD_NUM_IDX)) {
+        if ((i < 0) || (i >= SSL_MD_NUM_IDX)) {
                *md = NULL;
                if (mac_pkey_type != NULL)
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 77d8a3c79f..4ae3312a1a 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -559,7 +559,7 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                break;
        }
-        if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+        if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
                *enc = NULL;
        else {
                if (i == SSL_ENC_NULL_IDX)
@@ -591,7 +591,7 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                i = -1;
                break;
        }
-        if ((i < 0) || (i > SSL_MD_NUM_IDX)) {
+        if ((i < 0) || (i >= SSL_MD_NUM_IDX)) {
                *md = NULL;
                if (mac_pkey_type != NULL)
author	miod <>	2014-05-24 19:27:48 +0000
committer	miod <>	2014-05-24 19:27:48 +0000
commit	7b7cf02427def33a12d6a27c01ef7a7e64bc08d3 (patch)
tree	4b16e9c4b4303c6a280db217c581a31b8a84dfe4 /src
parent	894c4a4b30139aab2cf392bc81896b08c6e56390 (diff)
download	openbsd-7b7cf02427def33a12d6a27c01ef7a7e64bc08d3.tar.gz openbsd-7b7cf02427def33a12d6a27c01ef7a7e64bc08d3.tar.bz2 openbsd-7b7cf02427def33a12d6a27c01ef7a7e64bc08d3.zip

diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index 77d8a3c79f..4ae3312a1a 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -559,7 +559,7 @@ ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
559	break;	559	break;
560	}	560	}
561		561
562	if ((i < 0) \|\| (i > SSL_ENC_NUM_IDX))	562	if ((i < 0) \|\| (i >= SSL_ENC_NUM_IDX))
563	*enc = NULL;	563	*enc = NULL;
564	else {	564	else {
565	if (i == SSL_ENC_NULL_IDX)	565	if (i == SSL_ENC_NULL_IDX)
@@ -591,7 +591,7 @@ ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
591	i = -1;	591	i = -1;
592	break;	592	break;
593	}	593	}
594	if ((i < 0) \|\| (i > SSL_MD_NUM_IDX)) {	594	if ((i < 0) \|\| (i >= SSL_MD_NUM_IDX)) {
595	*md = NULL;	595	*md = NULL;
596		596
597	if (mac_pkey_type != NULL)	597	if (mac_pkey_type != NULL)


diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 77d8a3c79f..4ae3312a1a 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -559,7 +559,7 @@ ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
559	break;	559	break;
560	}	560	}
561		561
562	if ((i < 0) \|\| (i > SSL_ENC_NUM_IDX))	562	if ((i < 0) \|\| (i >= SSL_ENC_NUM_IDX))
563	*enc = NULL;	563	*enc = NULL;
564	else {	564	else {
565	if (i == SSL_ENC_NULL_IDX)	565	if (i == SSL_ENC_NULL_IDX)
@@ -591,7 +591,7 @@ ssl_cipher_get_evp(const SSL_SESSION s, const EVP_CIPHER *enc,
591	i = -1;	591	i = -1;
592	break;	592	break;
593	}	593	}
594	if ((i < 0) \|\| (i > SSL_MD_NUM_IDX)) {	594	if ((i < 0) \|\| (i >= SSL_MD_NUM_IDX)) {
595	*md = NULL;	595	*md = NULL;
596		596
597	if (mac_pkey_type != NULL)	597	if (mac_pkey_type != NULL)