From 55a704a90e9e377c223d07834fbadb44be0ab0a2 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 19 Jul 2021 08:42:24 +0000
Subject: Mop up dtls1_get_ccs_header() and struct ccs_header_st.

All this code does is read one byte from memory with an unknown length, potentially being a one byte overread... and then nothing is actually done with the value. ok tb@
---
 src/lib/libssl/d1_both.c | 10 +---------
 src/lib/libssl/d1_pkt.c | 6 +-----
 src/lib/libssl/dtls_locl.h | 8 +-------
 3 files changed, 3 insertions(+), 21 deletions(-)

diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 2e5e86641c..61dc47b4b7 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.76 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: d1_both.c,v 1.77 2021/07/19 08:42:24 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1202,11 +1202,3 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
 return 1;
 }
-
-void
-dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
-{
- memset(ccs_hdr, 0, sizeof(struct ccs_header_st));
- ccs_hdr->type = *(data++);
-}
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 36dd255722..2610206797 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.100 2021/07/19 08:39:28 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.101 2021/07/19 08:42:24 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -835,10 +835,6 @@ dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 }
 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
- struct ccs_header_st ccs_hdr;
-
- dtls1_get_ccs_header(rr->data, &ccs_hdr);
-
 /* 'Change Cipher Spec' is just a single byte, so we know
 * exactly what the record payload has to look like */
 /* XDTLS: check that epoch is consistent */
diff --git a/src/lib/libssl/dtls_locl.h b/src/lib/libssl/dtls_locl.h
index 9bf1fe6661..9e0699d098 100644
--- a/src/lib/libssl/dtls_locl.h
+++ b/src/lib/libssl/dtls_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls_locl.h,v 1.1 2021/05/16 13:56:30 jsing Exp $ */
+/* $OpenBSD: dtls_locl.h,v 1.2 2021/07/19 08:42:24 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -93,11 +93,6 @@ struct hm_header_st {
 struct dtls1_retransmit_state saved_retransmit_state;
 };
-struct ccs_header_st {
- unsigned char type;
- unsigned short seq;
-};
-
 struct dtls1_timeout_st {
 /* Number of read timeouts so far */
 unsigned int read_timeouts;
@@ -225,7 +220,6 @@ int dtls1_retransmit_buffered_messages(SSL *s);
 void dtls1_clear_record_buffer(SSL *s);
 int dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
-void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_read_seq_numbers(SSL *s);
 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
 int dtls1_check_timeout_num(SSL *s);
--
cgit v1.2.3-55-g6feb