From 24c49038fed6f28632c37bd797ee22d51c2f529f Mon Sep 17 00:00:00 2001
From: doug <>
Date: Mon, 9 Feb 2015 07:17:55 +0000
Subject: Return NULL when there are no shared ciphers.

OpenSSL added this change to avoid an out-of-bounds write since
they're accessing p[-1].  We initialize buf and use strrchr() so we
aren't subject to the same OOB write.

However, we should return NULL rather than an empty string when there
are no shared ciphers.

Also, KNF a particularly bad section above here that miod noticed.

Based on OpenSSL commits:
4ee356686f72ff849f6f3d58562224ace732b1a6
308505b838e4e3ce8485bb30f5b26e2766dc7f8b

ok miod@
---
 src/lib/libssl/src/ssl/ssl_lib.c | 10 ++++++----
 src/lib/libssl/ssl_lib.c         | 10 ++++++----
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 8ecb37d1be..8ebcb74ab9 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.96 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.97 2015/02/09 07:17:55 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1355,11 +1355,13 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
 	size_t			 curlen = 0;
 	int			 i;
 
-	if ((s->session == NULL) || (s->session->ciphers == NULL) ||
-		(len < 2))
-	return (NULL);
+	if (s->session == NULL || s->session->ciphers == NULL || len < 2)
+		return (NULL);
 
 	sk = s->session->ciphers;
+	if (sk_SSL_CIPHER_num(sk) == 0)
+		return (NULL);
+
 	buf[0] = '\0';
 	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
 		c = sk_SSL_CIPHER_value(sk, i);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 8ecb37d1be..8ebcb74ab9 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.96 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.97 2015/02/09 07:17:55 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1355,11 +1355,13 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
 	size_t			 curlen = 0;
 	int			 i;
 
-	if ((s->session == NULL) || (s->session->ciphers == NULL) ||
-		(len < 2))
-	return (NULL);
+	if (s->session == NULL || s->session->ciphers == NULL || len < 2)
+		return (NULL);
 
 	sk = s->session->ciphers;
+	if (sk_SSL_CIPHER_num(sk) == 0)
+		return (NULL);
+
 	buf[0] = '\0';
 	for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
 		c = sk_SSL_CIPHER_value(sk, i);
-- 
cgit v1.2.3-55-g6feb