Diffstat (limited to 'src/lib/libssl/s3_both.c')
-rw-r--r--src/lib/libssl/s3_both.c25
1 files changed, 18 insertions, 7 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 8864366f59..64d317b7ac 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -268,16 +268,23 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
268 X509_STORE_CTX xs_ctx; 268 X509_STORE_CTX xs_ctx;
269 X509_OBJECT obj; 269 X509_OBJECT obj;
270 270
271 int no_chain;
272
273 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
274 no_chain = 1;
275 else
276 no_chain = 0;
277
271 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 278 /* TLSv1 sends a chain with nothing in it, instead of an alert */
272 buf=s->init_buf; 279 buf=s->init_buf;
273 if (!BUF_MEM_grow(buf,(int)(10))) 280 if (!BUF_MEM_grow_clean(buf,10))
274 { 281 {
275 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 282 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
276 return(0); 283 return(0);
277 } 284 }
278 if (x != NULL) 285 if (x != NULL)
279 { 286 {
280 if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) 287 if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
281 { 288 {
282 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 289 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
283 return(0); 290 return(0);
@@ -286,7 +293,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
286 for (;;) 293 for (;;)
287 { 294 {
288 n=i2d_X509(x,NULL); 295 n=i2d_X509(x,NULL);
289 if (!BUF_MEM_grow(buf,(int)(n+l+3))) 296 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
290 { 297 {
291 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 298 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
292 return(0); 299 return(0);
@@ -295,6 +302,10 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
295 l2n3(n,p); 302 l2n3(n,p);
296 i2d_X509(x,&p); 303 i2d_X509(x,&p);
297 l+=n+3; 304 l+=n+3;
305
306 if (no_chain)
307 break;
308
298 if (X509_NAME_cmp(X509_get_subject_name(x), 309 if (X509_NAME_cmp(X509_get_subject_name(x),
299 X509_get_issuer_name(x)) == 0) break; 310 X509_get_issuer_name(x)) == 0) break;
300 311
@@ -306,8 +317,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
306 * ref count */ 317 * ref count */
307 X509_free(x); 318 X509_free(x);
308 } 319 }
309 320 if (!no_chain)
310 X509_STORE_CTX_cleanup(&xs_ctx); 321 X509_STORE_CTX_cleanup(&xs_ctx);
311 } 322 }
312 323
313 /* Thawte special :-) */ 324 /* Thawte special :-) */
@@ -316,7 +327,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
316 { 327 {
317 x=sk_X509_value(s->ctx->extra_certs,i); 328 x=sk_X509_value(s->ctx->extra_certs,i);
318 n=i2d_X509(x,NULL); 329 n=i2d_X509(x,NULL);
319 if (!BUF_MEM_grow(buf,(int)(n+l+3))) 330 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
320 { 331 {
321 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 332 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
322 return(0); 333 return(0);
@@ -439,7 +450,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
439 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); 450 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
440 goto f_err; 451 goto f_err;
441 } 452 }
442 if (l && !BUF_MEM_grow(s->init_buf,(int)l+4)) 453 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
443 { 454 {
444 SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); 455 SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
445 goto err; 456 goto err;
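Review bot: The length handed to `BUF_MEM_grow_clean` at new lines 296 and 330 is still `(int)(n+l+3)` with `n` taken straight from `i2d_X509(x,NULL)`, which returns a negative value on encoding failure; nothing visible rejects that before it is folded into the buffer size and into `l2n3(n,p)`. I would add `if (n < 0) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); return(0); }` right after each `i2d_X509(x,NULL)` call. The cast was dropped at line 280 but kept at these two sites, and the declarations of `n` and `l` are outside the visible hunks, so whether the narrowing to `int` can wrap for a long chain should be checked against them. Separately, the `return(0)` at line 299 sits inside the loop after `X509_STORE_CTX_init` has succeeded, so on the `!no_chain` path it appears to skip `X509_STORE_CTX_cleanup(&xs_ctx)`. The body of `ssl3_output_cert_chain` starts and ends outside these hunks.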