From df5b87a6315647dfbae35072a0026034ebe03891 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 20 Jul 2022 13:57:49 +0000
Subject: Rewrite SSL{_CTX,}_set_alpn_protos() using CBS This simplifies the freeing, assigning and copying of the passed protocols by replacing all that code with a pair of CBS_init() and CBS_stow(). In addition, this aligns the behavior with OpenSSL, which no longer errors on NULL proto or 0 proto_len since 86a90dc7. ok jsing
---
 src/lib/libssl/ssl_lib.c | 38 +++++++++++++++-----------------------
 1 file changed, 15 insertions(+), 23 deletions(-)
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 860a58ddd1..08f2f74097 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.296 2022/07/17 14:49:01 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.297 2022/07/20 13:57:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1763,27 +1763,23 @@ int
 SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
 unsigned int protos_len)
 {
+ CBS cbs;
 int failed = 1;
- if (protos == NULL || protos_len == 0)
- goto err;
+ if (protos == NULL)
+ protos_len = 0;
- free(ctx->internal->alpn_client_proto_list);
- ctx->internal->alpn_client_proto_list = NULL;
- ctx->internal->alpn_client_proto_list_len = 0;
+ CBS_init(&cbs, protos, protos_len);
- if ((ctx->internal->alpn_client_proto_list = malloc(protos_len))
- == NULL)
+ if (!CBS_stow(&cbs, &ctx->internal->alpn_client_proto_list,
+ &ctx->internal->alpn_client_proto_list_len))
 goto err;
- ctx->internal->alpn_client_proto_list_len = protos_len;
-
- memcpy(ctx->internal->alpn_client_proto_list, protos, protos_len);
 failed = 0;
 err:
 /* NOTE: Return values are the reverse of what you expect. */
- return (failed);
+ return failed;
 }
 /*
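Review bot: Nothing between `CBS_init()` and `CBS_stow()` in SSL_CTX_set_alpn_protos() checks that `protos` is a well-formed ALPN list, and the same gap is in SSL_set_alpn_protos() in the next hunk. The API takes the list in wire format (a length byte followed by that many name bytes, repeated), so an empty name or a length byte that runs past `protos_len` is stored unchanged and, presumably, later sent to the peer as-is. With the input already in a CBS, a short loop that reads each entry and rejects empty ones fits before the stow and still lets NULL or a zero length clear the list; a sketch follows. The comment above `return failed;` could also say that NULL or zero-length input now clears the stored list and returns 0.

```c
	CBS cbs, check, proto;
	/* … unchanged: failed = 1, NULL protos sets protos_len = 0, CBS_init(&cbs, …) … */

	/* Reject a malformed wire-format list; an empty list still clears. */
	CBS_init(&check, protos, protos_len);
	while (CBS_len(&check) > 0) {
		if (!CBS_get_u8_length_prefixed(&check, &proto))
			goto err;
		if (CBS_len(&proto) == 0)
			goto err;
	}
	/* … unchanged: CBS_stow() into alpn_client_proto_list, failed = 0 … */
```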
@@ -1795,27 +1791,23 @@ int
 SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
 unsigned int protos_len)
 {
+ CBS cbs;
 int failed = 1;
- if (protos == NULL || protos_len == 0)
- goto err;
+ if (protos == NULL)
+ protos_len = 0;
- free(ssl->internal->alpn_client_proto_list);
- ssl->internal->alpn_client_proto_list = NULL;
- ssl->internal->alpn_client_proto_list_len = 0;
+ CBS_init(&cbs, protos, protos_len);
- if ((ssl->internal->alpn_client_proto_list = malloc(protos_len))
- == NULL)
+ if (!CBS_stow(&cbs, &ssl->internal->alpn_client_proto_list,
+ &ssl->internal->alpn_client_proto_list_len))
 goto err;
- ssl->internal->alpn_client_proto_list_len = protos_len;
-
- memcpy(ssl->internal->alpn_client_proto_list, protos, protos_len);
 failed = 0;
 err:
 /* NOTE: Return values are the reverse of what you expect. */
- return (failed);
+ return failed;
 }
 /*
--
cgit v1.2.3-55-g6feb