diff options
| author | millert <> | 2022-09-08 15:31:12 +0000 |
|---|---|---|
| committer | millert <> | 2022-09-08 15:31:12 +0000 |
| commit | d476e5eb0d963ef81322912fd1275516345c1646 (patch) | |
| tree | 97afbf4d5d463b09a6a056dfad26b760b01468d3 /src | |
| parent | 0ca9d5c5e38e348ed9be8a958a2821455bf161be (diff) | |
| download | openbsd-d476e5eb0d963ef81322912fd1275516345c1646.tar.gz openbsd-d476e5eb0d963ef81322912fd1275516345c1646.tar.bz2 openbsd-d476e5eb0d963ef81322912fd1275516345c1646.zip | |
ssl_cipher_process_rulestr: return early if a cipher command is invalid
This is a safer fix for the bug where we might read outside rule_str
buffer and is how BoringSSL fixed it. OK tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 106a9befdd..f39cd2f098 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.133 2022/09/07 21:34:22 millert Exp $ */ | 1 | /* $OpenBSD: ssl_ciph.c,v 1.134 2022/09/08 15:31:12 millert Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1010,10 +1010,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, | |||
| 1010 | * alphanumeric, so we call this an error. | 1010 | * alphanumeric, so we call this an error. |
| 1011 | */ | 1011 | */ |
| 1012 | SSLerrorx(SSL_R_INVALID_COMMAND); | 1012 | SSLerrorx(SSL_R_INVALID_COMMAND); |
| 1013 | retval = found = 0; | 1013 | return 0; |
| 1014 | if (ch != '\0') | ||
| 1015 | l++; | ||
| 1016 | break; | ||
| 1017 | } | 1014 | } |
| 1018 | 1015 | ||
| 1019 | if (rule == CIPHER_SPECIAL) { | 1016 | if (rule == CIPHER_SPECIAL) { |