diff options
| author | schwarze <> | 2020-09-15 15:28:38 +0000 |
|---|---|---|
| committer | schwarze <> | 2020-09-15 15:28:38 +0000 |
| commit | de07a546c0dd7fb709141d106c6a9e837c746852 (patch) | |
| tree | 510aac915f277e88f62fe31aeccae54bceeab3ec /src | |
| parent | 9b0955f4bd0b0ba9534e309a20b55847c1a4c07b (diff) | |
| download | openbsd-de07a546c0dd7fb709141d106c6a9e837c746852.tar.gz openbsd-de07a546c0dd7fb709141d106c6a9e837c746852.tar.bz2 openbsd-de07a546c0dd7fb709141d106c6a9e837c746852.zip | |
Do not destroy an existing cipher list when ssl_parse_ciphersuites()
fails, to match the behaviour of ssl_create_cipher_list(). This also
agrees with the behaviour of SSL_set_ciphersuites(3) in OpenSSL.
Issue found while writing documentation.
OK jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_ciphers.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c index 0912fb6d25..399e274ad4 100644 --- a/src/lib/libssl/ssl_ciphers.c +++ b/src/lib/libssl/ssl_ciphers.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_ciphers.c,v 1.8 2020/09/14 17:52:38 tb Exp $ */ | 1 | /* $OpenBSD: ssl_ciphers.c,v 1.9 2020/09/15 15:28:38 schwarze Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org> | 3 | * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org> |
| 4 | * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org> |
| @@ -220,9 +220,6 @@ ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str) | |||
| 220 | int i; | 220 | int i; |
| 221 | int ret = 0; | 221 | int ret = 0; |
| 222 | 222 | ||
| 223 | sk_SSL_CIPHER_free(*out_ciphers); | ||
| 224 | *out_ciphers = NULL; | ||
| 225 | |||
| 226 | if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) | 223 | if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) |
| 227 | goto err; | 224 | goto err; |
| 228 | 225 | ||
| @@ -255,6 +252,7 @@ ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str) | |||
| 255 | } | 252 | } |
| 256 | 253 | ||
| 257 | done: | 254 | done: |
| 255 | sk_SSL_CIPHER_free(*out_ciphers); | ||
| 258 | *out_ciphers = ciphers; | 256 | *out_ciphers = ciphers; |
| 259 | ciphers = NULL; | 257 | ciphers = NULL; |
| 260 | ret = 1; | 258 | ret = 1; |