diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 34 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 34 |
2 files changed, 28 insertions, 40 deletions
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index fd423a9135..e901a901da 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.77 2015/06/17 07:52:22 doug Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.78 2015/06/19 01:38:54 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1153,10 +1153,9 @@ static int | |||
| 1153 | tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, | 1153 | tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, |
| 1154 | unsigned int data_len, int *al) | 1154 | unsigned int data_len, int *al) |
| 1155 | { | 1155 | { |
| 1156 | CBS cbs, proto_name_list, alpn; | ||
| 1156 | const unsigned char *selected; | 1157 | const unsigned char *selected; |
| 1157 | unsigned char selected_len; | 1158 | unsigned char selected_len; |
| 1158 | unsigned int proto_len; | ||
| 1159 | unsigned int i; | ||
| 1160 | int r; | 1159 | int r; |
| 1161 | 1160 | ||
| 1162 | if (s->ctx->alpn_select_cb == NULL) | 1161 | if (s->ctx->alpn_select_cb == NULL) |
| @@ -1165,34 +1164,29 @@ tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, | |||
| 1165 | if (data_len < 2) | 1164 | if (data_len < 2) |
| 1166 | goto parse_error; | 1165 | goto parse_error; |
| 1167 | 1166 | ||
| 1167 | CBS_init(&cbs, data, data_len); | ||
| 1168 | |||
| 1168 | /* | 1169 | /* |
| 1169 | * data should contain a uint16 length followed by a series of 8-bit, | 1170 | * data should contain a uint16 length followed by a series of 8-bit, |
| 1170 | * length-prefixed strings. | 1171 | * length-prefixed strings. |
| 1171 | */ | 1172 | */ |
| 1172 | i = ((unsigned int)data[0]) << 8 | ((unsigned int)data[1]); | 1173 | if (!CBS_get_u16_length_prefixed(&cbs, &alpn) || |
| 1173 | data_len -= 2; | 1174 | CBS_len(&alpn) < 2 || |
| 1174 | data += 2; | 1175 | CBS_len(&cbs) != 0) |
| 1175 | if (data_len != i) | ||
| 1176 | goto parse_error; | ||
| 1177 | |||
| 1178 | if (data_len < 2) | ||
| 1179 | goto parse_error; | 1176 | goto parse_error; |
| 1180 | 1177 | ||
| 1181 | for (i = 0; i < data_len; ) { | 1178 | /* Validate data before sending to callback. */ |
| 1182 | proto_len = data[i]; | 1179 | CBS_dup(&alpn, &proto_name_list); |
| 1183 | i++; | 1180 | while (CBS_len(&proto_name_list) > 0) { |
| 1184 | 1181 | CBS proto_name; | |
| 1185 | if (proto_len == 0) | ||
| 1186 | goto parse_error; | ||
| 1187 | 1182 | ||
| 1188 | if (i + proto_len < i || i + proto_len > data_len) | 1183 | if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name) || |
| 1184 | CBS_len(&proto_name) == 0) | ||
| 1189 | goto parse_error; | 1185 | goto parse_error; |
| 1190 | |||
| 1191 | i += proto_len; | ||
| 1192 | } | 1186 | } |
| 1193 | 1187 | ||
| 1194 | r = s->ctx->alpn_select_cb(s, &selected, &selected_len, | 1188 | r = s->ctx->alpn_select_cb(s, &selected, &selected_len, |
| 1195 | data, data_len, s->ctx->alpn_select_cb_arg); | 1189 | CBS_data(&alpn), CBS_len(&alpn), s->ctx->alpn_select_cb_arg); |
| 1196 | if (r == SSL_TLSEXT_ERR_OK) { | 1190 | if (r == SSL_TLSEXT_ERR_OK) { |
| 1197 | free(s->s3->alpn_selected); | 1191 | free(s->s3->alpn_selected); |
| 1198 | if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) { | 1192 | if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) { |
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index fd423a9135..e901a901da 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.77 2015/06/17 07:52:22 doug Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.78 2015/06/19 01:38:54 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1153,10 +1153,9 @@ static int | |||
| 1153 | tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, | 1153 | tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, |
| 1154 | unsigned int data_len, int *al) | 1154 | unsigned int data_len, int *al) |
| 1155 | { | 1155 | { |
| 1156 | CBS cbs, proto_name_list, alpn; | ||
| 1156 | const unsigned char *selected; | 1157 | const unsigned char *selected; |
| 1157 | unsigned char selected_len; | 1158 | unsigned char selected_len; |
| 1158 | unsigned int proto_len; | ||
| 1159 | unsigned int i; | ||
| 1160 | int r; | 1159 | int r; |
| 1161 | 1160 | ||
| 1162 | if (s->ctx->alpn_select_cb == NULL) | 1161 | if (s->ctx->alpn_select_cb == NULL) |
| @@ -1165,34 +1164,29 @@ tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, | |||
| 1165 | if (data_len < 2) | 1164 | if (data_len < 2) |
| 1166 | goto parse_error; | 1165 | goto parse_error; |
| 1167 | 1166 | ||
| 1167 | CBS_init(&cbs, data, data_len); | ||
| 1168 | |||
| 1168 | /* | 1169 | /* |
| 1169 | * data should contain a uint16 length followed by a series of 8-bit, | 1170 | * data should contain a uint16 length followed by a series of 8-bit, |
| 1170 | * length-prefixed strings. | 1171 | * length-prefixed strings. |
| 1171 | */ | 1172 | */ |
| 1172 | i = ((unsigned int)data[0]) << 8 | ((unsigned int)data[1]); | 1173 | if (!CBS_get_u16_length_prefixed(&cbs, &alpn) || |
| 1173 | data_len -= 2; | 1174 | CBS_len(&alpn) < 2 || |
| 1174 | data += 2; | 1175 | CBS_len(&cbs) != 0) |
| 1175 | if (data_len != i) | ||
| 1176 | goto parse_error; | ||
| 1177 | |||
| 1178 | if (data_len < 2) | ||
| 1179 | goto parse_error; | 1176 | goto parse_error; |
| 1180 | 1177 | ||
| 1181 | for (i = 0; i < data_len; ) { | 1178 | /* Validate data before sending to callback. */ |
| 1182 | proto_len = data[i]; | 1179 | CBS_dup(&alpn, &proto_name_list); |
| 1183 | i++; | 1180 | while (CBS_len(&proto_name_list) > 0) { |
| 1184 | 1181 | CBS proto_name; | |
| 1185 | if (proto_len == 0) | ||
| 1186 | goto parse_error; | ||
| 1187 | 1182 | ||
| 1188 | if (i + proto_len < i || i + proto_len > data_len) | 1183 | if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name) || |
| 1184 | CBS_len(&proto_name) == 0) | ||
| 1189 | goto parse_error; | 1185 | goto parse_error; |
| 1190 | |||
| 1191 | i += proto_len; | ||
| 1192 | } | 1186 | } |
| 1193 | 1187 | ||
| 1194 | r = s->ctx->alpn_select_cb(s, &selected, &selected_len, | 1188 | r = s->ctx->alpn_select_cb(s, &selected, &selected_len, |
| 1195 | data, data_len, s->ctx->alpn_select_cb_arg); | 1189 | CBS_data(&alpn), CBS_len(&alpn), s->ctx->alpn_select_cb_arg); |
| 1196 | if (r == SSL_TLSEXT_ERR_OK) { | 1190 | if (r == SSL_TLSEXT_ERR_OK) { |
| 1197 | free(s->s3->alpn_selected); | 1191 | free(s->s3->alpn_selected); |
| 1198 | if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) { | 1192 | if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) { |