path: root/lib/libssl/ssl_lib.c
authorjsing <jsing@openbsd.org>2016-09-22 12:34:59 +0000
committerjsing <jsing@openbsd.org>2016-09-22 12:34:59 +0000
commit3c29d729e3866e874c6ed83816807a35bea903a3 (patch)
tree6d609d82809e3b9ae0fc0b687f911d9d950dbe1f /lib/libssl/ssl_lib.c
parentAvoid unbounded memory growth, which can be triggered by a client (diff)
Improve on code from the previous commit.
ok bcook@
Diffstat (limited to 'lib/libssl/ssl_lib.c')
-rw-r--r--lib/libssl/ssl_lib.c12
1 files changed, 5 insertions, 7 deletions
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 59a90d4b8e3..35963151663 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.117 2016/09/20 04:25:09 bcook Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.118 2016/09/22 12:34:59 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2848,6 +2848,7 @@ SSL_CTX *
SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
{
CERT *ocert = ssl->cert;
+
if (ssl->ctx == ctx)
return (ssl->ctx);
if (ctx == NULL)
@@ -2855,12 +2856,9 @@ SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
ssl->cert = ssl_cert_dup(ctx->cert);
if (ocert != NULL) {
int i;
- /* Copy negotiated digests from original */
- for (i = 0; i < SSL_PKEY_NUM; i++) {
- CERT_PKEY *cpk = ocert->pkeys + i;
- CERT_PKEY *rpk = ssl->cert->pkeys + i;
- rpk->digest = cpk->digest;
- }
+ /* Copy negotiated digests from original certificate. */
+ for (i = 0; i < SSL_PKEY_NUM; i++)
+ ssl->cert->pkeys[i].digest = ocert->pkeys[i].digest;
ssl_cert_free(ocert);
}
CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
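Review bot: The rewritten loop writes `ssl->cert->pkeys[i].digest` immediately after `ssl->cert = ssl_cert_dup(ctx->cert);`, and the result of that call is never checked. ssl_cert_dup() is not defined in this hunk, but if it can return NULL (presumably on allocation failure), the first loop iteration is a NULL dereference whenever `ocert != NULL`, and `ssl->cert` has already been overwritten by then. The duplicate should be checked before the SSL is modified, for example `if ((ssl->cert = ssl_cert_dup(ctx->cert)) == NULL) { ssl->cert = ocert; return (NULL); }`, so that a failed switch leaves the original certificate state in place. Whether returning NULL suits the callers needs to be confirmed, since SSL_set_SSL_CTX begins in the previous hunk and continues past the end of this one.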