summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authormiod <>2014-05-24 15:20:35 +0000
committermiod <>2014-05-24 15:20:35 +0000
commita5d2477869eef9687a4a5e983f5595651084c7d0 (patch)
treec396afb4f4c092be84e96b2d62f9a04017d74d6b /src
parent244943835acb49a7a43b4ea66562112fb4b5031e (diff)
downloadopenbsd-a5d2477869eef9687a4a5e983f5595651084c7d0.tar.gz
openbsd-a5d2477869eef9687a4a5e983f5595651084c7d0.tar.bz2
openbsd-a5d2477869eef9687a4a5e983f5595651084c7d0.zip
Code using malloc() in ssl23_get_client_hello() got removed 12 years ago,
it's time to remove the test for a possible need to free(). ok jsing@
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/s23_srvr.c59
-rw-r--r--src/lib/libssl/src/ssl/s23_srvr.c59
2 files changed, 54 insertions, 64 deletions
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 94e669ae14..53e06706e3 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -261,20 +261,21 @@ end:
261int 261int
262ssl23_get_client_hello(SSL *s) 262ssl23_get_client_hello(SSL *s)
263{ 263{
264 char buf_space[11]; /* Request this many bytes in initial read. 264 char buf[11];
265 * We can detect SSL 3.0/TLS 1.0 Client Hellos 265 /*
266 * ('type == 3') correctly only when the following 266 * sizeof(buf) == 11, because we'll need to request this many bytes in
267 * is in a single record, which is not guaranteed by 267 * the initial read.
268 * the protocol specification: 268 * We can detect SSL 3.0/TLS 1.0 Client Hellos ('type == 3') correctly
269 * Byte Content 269 * only when the following is in a single record, which is not
270 * 0 type \ 270 * guaranteed by the protocol specification:
271 * 1/2 version > record header 271 * Byte Content
272 * 3/4 length / 272 * 0 type \
273 * 5 msg_type \ 273 * 1/2 version > record header
274 * 6-8 length > Client Hello message 274 * 3/4 length /
275 * 9/10 client_version / 275 * 5 msg_type \
276 */ 276 * 6-8 length > Client Hello message
277 char *buf = &(buf_space[0]); 277 * 9/10 client_version /
278 */
278 unsigned char *p, *d, *d_len, *dd; 279 unsigned char *p, *d, *d_len, *dd;
279 unsigned int i; 280 unsigned int i;
280 unsigned int csl, sil, cl; 281 unsigned int csl, sil, cl;
@@ -287,11 +288,11 @@ ssl23_get_client_hello(SSL *s)
287 v[0] = v[1] = 0; 288 v[0] = v[1] = 0;
288 289
289 if (!ssl3_setup_buffers(s)) 290 if (!ssl3_setup_buffers(s))
290 goto err; 291 return -1;
291 292
292 n = ssl23_read_bytes(s, sizeof buf_space); 293 n = ssl23_read_bytes(s, sizeof buf);
293 if (n != sizeof buf_space) 294 if (n != sizeof buf)
294 return(n); /* n == -1 || n == 0 */ 295 return(n);
295 296
296 p = s->packet; 297 p = s->packet;
297 298
@@ -404,10 +405,10 @@ ssl23_get_client_hello(SSL *s)
404 (strncmp("HEAD ",(char *)p, 5) == 0) || 405 (strncmp("HEAD ",(char *)p, 5) == 0) ||
405 (strncmp("PUT ", (char *)p, 4) == 0)) { 406 (strncmp("PUT ", (char *)p, 4) == 0)) {
406 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST); 407 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
407 goto err; 408 return -1;
408 } else if (strncmp("CONNECT", (char *)p, 7) == 0) { 409 } else if (strncmp("CONNECT", (char *)p, 7) == 0) {
409 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST); 410 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
410 goto err; 411 return -1;
411 } 412 }
412 } 413 }
413 414
@@ -423,7 +424,7 @@ ssl23_get_client_hello(SSL *s)
423 n = ((p[0] & 0x7f) << 8) | p[1]; 424 n = ((p[0] & 0x7f) << 8) | p[1];
424 if (n > (1024 * 4)) { 425 if (n > (1024 * 4)) {
425 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE); 426 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);
426 goto err; 427 return -1;
427 } 428 }
428 429
429 j = ssl23_read_bytes(s, n + 2); 430 j = ssl23_read_bytes(s, n + 2);
@@ -449,7 +450,7 @@ ssl23_get_client_hello(SSL *s)
449 */ 450 */
450 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, 451 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
451 SSL_R_RECORD_LENGTH_MISMATCH); 452 SSL_R_RECORD_LENGTH_MISMATCH);
452 goto err; 453 return -1;
453 } 454 }
454 455
455 /* record header: msg_type ... */ 456 /* record header: msg_type ... */
@@ -511,14 +512,14 @@ ssl23_get_client_hello(SSL *s)
511 512
512 if (type == 1) { 513 if (type == 1) {
513 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); 514 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
514 goto err; 515 return -1;
515 } 516 }
516 517
517 if ((type == 2) || (type == 3)) { 518 if ((type == 2) || (type == 3)) {
518 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ 519 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
519 520
520 if (!ssl_init_wbio_buffer(s, 1)) 521 if (!ssl_init_wbio_buffer(s, 1))
521 goto err; 522 return -1;
522 523
523 /* we are in this state */ 524 /* we are in this state */
524 s->state = SSL3_ST_SR_CLNT_HELLO_A; 525 s->state = SSL3_ST_SR_CLNT_HELLO_A;
@@ -530,7 +531,7 @@ ssl23_get_client_hello(SSL *s)
530 s->packet_length = n; 531 s->packet_length = n;
531 if (s->s3->rbuf.buf == NULL) 532 if (s->s3->rbuf.buf == NULL)
532 if (!ssl3_setup_read_buffer(s)) 533 if (!ssl3_setup_read_buffer(s))
533 goto err; 534 return -1;
534 535
535 s->packet = &(s->s3->rbuf.buf[0]); 536 s->packet = &(s->s3->rbuf.buf[0]);
536 memcpy(s->packet, buf, n); 537 memcpy(s->packet, buf, n);
@@ -558,15 +559,9 @@ ssl23_get_client_hello(SSL *s)
558 if ((type < 1) || (type > 3)) { 559 if ((type < 1) || (type > 3)) {
559 /* bad, very bad */ 560 /* bad, very bad */
560 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); 561 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
561 goto err; 562 return -1;
562 } 563 }
563 s->init_num = 0; 564 s->init_num = 0;
564 565
565 if (buf != buf_space)
566 free(buf);
567 return (SSL_accept(s)); 566 return (SSL_accept(s));
568err:
569 if (buf != buf_space)
570 free(buf);
571 return (-1);
572} 567}
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index 94e669ae14..53e06706e3 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -261,20 +261,21 @@ end:
261int 261int
262ssl23_get_client_hello(SSL *s) 262ssl23_get_client_hello(SSL *s)
263{ 263{
264 char buf_space[11]; /* Request this many bytes in initial read. 264 char buf[11];
265 * We can detect SSL 3.0/TLS 1.0 Client Hellos 265 /*
266 * ('type == 3') correctly only when the following 266 * sizeof(buf) == 11, because we'll need to request this many bytes in
267 * is in a single record, which is not guaranteed by 267 * the initial read.
268 * the protocol specification: 268 * We can detect SSL 3.0/TLS 1.0 Client Hellos ('type == 3') correctly
269 * Byte Content 269 * only when the following is in a single record, which is not
270 * 0 type \ 270 * guaranteed by the protocol specification:
271 * 1/2 version > record header 271 * Byte Content
272 * 3/4 length / 272 * 0 type \
273 * 5 msg_type \ 273 * 1/2 version > record header
274 * 6-8 length > Client Hello message 274 * 3/4 length /
275 * 9/10 client_version / 275 * 5 msg_type \
276 */ 276 * 6-8 length > Client Hello message
277 char *buf = &(buf_space[0]); 277 * 9/10 client_version /
278 */
278 unsigned char *p, *d, *d_len, *dd; 279 unsigned char *p, *d, *d_len, *dd;
279 unsigned int i; 280 unsigned int i;
280 unsigned int csl, sil, cl; 281 unsigned int csl, sil, cl;
@@ -287,11 +288,11 @@ ssl23_get_client_hello(SSL *s)
287 v[0] = v[1] = 0; 288 v[0] = v[1] = 0;
288 289
289 if (!ssl3_setup_buffers(s)) 290 if (!ssl3_setup_buffers(s))
290 goto err; 291 return -1;
291 292
292 n = ssl23_read_bytes(s, sizeof buf_space); 293 n = ssl23_read_bytes(s, sizeof buf);
293 if (n != sizeof buf_space) 294 if (n != sizeof buf)
294 return(n); /* n == -1 || n == 0 */ 295 return(n);
295 296
296 p = s->packet; 297 p = s->packet;
297 298
@@ -404,10 +405,10 @@ ssl23_get_client_hello(SSL *s)
404 (strncmp("HEAD ",(char *)p, 5) == 0) || 405 (strncmp("HEAD ",(char *)p, 5) == 0) ||
405 (strncmp("PUT ", (char *)p, 4) == 0)) { 406 (strncmp("PUT ", (char *)p, 4) == 0)) {
406 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST); 407 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
407 goto err; 408 return -1;
408 } else if (strncmp("CONNECT", (char *)p, 7) == 0) { 409 } else if (strncmp("CONNECT", (char *)p, 7) == 0) {
409 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST); 410 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
410 goto err; 411 return -1;
411 } 412 }
412 } 413 }
413 414
@@ -423,7 +424,7 @@ ssl23_get_client_hello(SSL *s)
423 n = ((p[0] & 0x7f) << 8) | p[1]; 424 n = ((p[0] & 0x7f) << 8) | p[1];
424 if (n > (1024 * 4)) { 425 if (n > (1024 * 4)) {
425 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE); 426 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);
426 goto err; 427 return -1;
427 } 428 }
428 429
429 j = ssl23_read_bytes(s, n + 2); 430 j = ssl23_read_bytes(s, n + 2);
@@ -449,7 +450,7 @@ ssl23_get_client_hello(SSL *s)
449 */ 450 */
450 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, 451 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
451 SSL_R_RECORD_LENGTH_MISMATCH); 452 SSL_R_RECORD_LENGTH_MISMATCH);
452 goto err; 453 return -1;
453 } 454 }
454 455
455 /* record header: msg_type ... */ 456 /* record header: msg_type ... */
@@ -511,14 +512,14 @@ ssl23_get_client_hello(SSL *s)
511 512
512 if (type == 1) { 513 if (type == 1) {
513 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); 514 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
514 goto err; 515 return -1;
515 } 516 }
516 517
517 if ((type == 2) || (type == 3)) { 518 if ((type == 2) || (type == 3)) {
518 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ 519 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
519 520
520 if (!ssl_init_wbio_buffer(s, 1)) 521 if (!ssl_init_wbio_buffer(s, 1))
521 goto err; 522 return -1;
522 523
523 /* we are in this state */ 524 /* we are in this state */
524 s->state = SSL3_ST_SR_CLNT_HELLO_A; 525 s->state = SSL3_ST_SR_CLNT_HELLO_A;
@@ -530,7 +531,7 @@ ssl23_get_client_hello(SSL *s)
530 s->packet_length = n; 531 s->packet_length = n;
531 if (s->s3->rbuf.buf == NULL) 532 if (s->s3->rbuf.buf == NULL)
532 if (!ssl3_setup_read_buffer(s)) 533 if (!ssl3_setup_read_buffer(s))
533 goto err; 534 return -1;
534 535
535 s->packet = &(s->s3->rbuf.buf[0]); 536 s->packet = &(s->s3->rbuf.buf[0]);
536 memcpy(s->packet, buf, n); 537 memcpy(s->packet, buf, n);
@@ -558,15 +559,9 @@ ssl23_get_client_hello(SSL *s)
558 if ((type < 1) || (type > 3)) { 559 if ((type < 1) || (type > 3)) {
559 /* bad, very bad */ 560 /* bad, very bad */
560 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); 561 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
561 goto err; 562 return -1;
562 } 563 }
563 s->init_num = 0; 564 s->init_num = 0;
564 565
565 if (buf != buf_space)
566 free(buf);
567 return (SSL_accept(s)); 566 return (SSL_accept(s));
568err:
569 if (buf != buf_space)
570 free(buf);
571 return (-1);
572} 567}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 00:32:36 +0000