diff options
| author |   beck <beck@openbsd.org> | 2015-07-15 21:52:02 +0000 |
|---|---|---|
| committer | beck <beck@openbsd.org> | 2015-07-15 21:52:02 +0000 |
| commit | be3495bddf3a80e237bb241f0c8460cae01b573b (patch) | |
| tree | ccacd28f8e340548d608c1380aaf735133369bd2 /lib/libssl/src/ssl/s3_clnt.c | |
| parent | Recognize CARP interfaces when sending packet to a multicast address. (diff) | |
| download | wireguard-openbsd-be3495bddf3a80e237bb241f0c8460cae01b573b.tar.xz wireguard-openbsd-be3495bddf3a80e237bb241f0c8460cae01b573b.zip | |
test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@
Diffstat (limited to 'lib/libssl/src/ssl/s3_clnt.c')
| -rw-r--r-- | lib/libssl/src/ssl/s3_clnt.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 6bc5a8b6221..3f7f3a411d5 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.117 2015/07/15 18:35:34 beck Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.118 2015/07/15 21:52:02 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -996,7 +996,6 @@ ssl3_get_server_certificate(SSL *s) goto f_err; } - CBS_init(&cbs, s->init_msg, n); if ((sk = sk_X509_new_null()) == NULL) { SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, @@ -1004,8 +1003,13 @@ ssl3_get_server_certificate(SSL *s) goto err; } - if (n < 0 || CBS_len(&cbs) < 3) + if (n < 0) + goto truncated; + + CBS_init(&cbs, s->init_msg, n); + if (CBS_len(&cbs) < 3) goto truncated; + if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || CBS_len(&cbs) != 0) { al = SSL_AD_DECODE_ERROR; @@ -1797,9 +1801,16 @@ ssl3_get_cert_status(SSL *s) if (!ok) return ((int)n); - CBS_init(&cert_status, s->init_msg, n); + if (n < 0) { + /* need at least status type + length */ + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSL_R_LENGTH_MISMATCH); + goto f_err; + } - if (n < 0 || !CBS_get_u8(&cert_status, &status_type) || + CBS_init(&cert_status, s->init_msg, n); + if (!CBS_get_u8(&cert_status, &status_type) || CBS_len(&cert_status) < 3) { /* need at least status type + length */ al = SSL_AD_DECODE_ERROR; |