In ssl_cipher_get_evp(), fix off-by-one in index validation before accessing

arrays. "kind of scary" deraadt@, ok guenther@
author: miod <miod@openbsd.org> 2014-05-24 19:27:48 +0000
committer: miod <miod@openbsd.org> 2014-05-24 19:27:48 +0000
commit: 47fa439dfa056d6cef570e9fc667000f1c7e9801 (patch)
tree: 85368526450ee836472202620c36a4368f93e4e7 /lib/libssl/ssl_ciph.c
parent: There is a standalone bootloader now. (diff)
download: wireguard-openbsd-47fa439dfa056d6cef570e9fc667000f1c7e9801.tar.xz
wireguard-openbsd-47fa439dfa056d6cef570e9fc667000f1c7e9801.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index 77d8a3c79f3..4ae3312a1a0 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -559,7 +559,7 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 		break;
 	}
 
-	if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+	if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
 		*enc = NULL;
 	else {
 		if (i == SSL_ENC_NULL_IDX)
@@ -591,7 +591,7 @@ ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 		i = -1;
 		break;
 	}
-	if ((i < 0) || (i > SSL_MD_NUM_IDX)) {
+	if ((i < 0) || (i >= SSL_MD_NUM_IDX)) {
 		*md = NULL;
 
 		if (mac_pkey_type != NULL)
author	miod <miod@openbsd.org>	2014-05-24 19:27:48 +0000
committer	miod <miod@openbsd.org>	2014-05-24 19:27:48 +0000
commit	47fa439dfa056d6cef570e9fc667000f1c7e9801 (patch)
tree	85368526450ee836472202620c36a4368f93e4e7 /lib/libssl/ssl_ciph.c
parent	There is a standalone bootloader now. (diff)
download	wireguard-openbsd-47fa439dfa056d6cef570e9fc667000f1c7e9801.tar.xz wireguard-openbsd-47fa439dfa056d6cef570e9fc667000f1c7e9801.zip