From d476e5eb0d963ef81322912fd1275516345c1646 Mon Sep 17 00:00:00 2001
From: millert <>
Date: Thu, 8 Sep 2022 15:31:12 +0000
Subject: ssl_cipher_process_rulestr: return early if a cipher command is
 invalid. This is a safer fix for the bug where we might read outside the
 rule_str buffer and is how BoringSSL fixed it.  OK tb@

---
 src/lib/libssl/ssl_ciph.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 106a9befdd..f39cd2f098 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.133 2022/09/07 21:34:22 millert Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.134 2022/09/08 15:31:12 millert Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1010,10 +1010,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
 				 * alphanumeric, so we call this an error.
 				 */
 				SSLerrorx(SSL_R_INVALID_COMMAND);
-				retval = found = 0;
-				if (ch != '\0')
-					l++;
-				break;
+				return 0;
 			}
 
 			if (rule == CIPHER_SPECIAL) {
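Review bot: The new `return 0;` in the invalid-command branch carries no comment saying why parsing stops here, and the surviving comment only says the input is treated as an error. A short note would keep a later refactor from reintroducing the skip-and-continue logic that could step past the terminator, for example `/* Bail out: skipping ahead in rule_str here risks reading past its end. */`. The return also bypasses whatever follows the loop, and the function body starts and ends outside this hunk. It is worth confirming that nothing after the loop is needed on the error path, and that every caller discards the list behind `head_p` on a 0 return, since rules earlier in the same string have presumably already been applied. A regression test with a rule string that ends in an invalid command character would pin the out-of-bounds read fix.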
-- 
cgit v1.2.3-55-g6feb