[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Aug 4 13:11:22 UTC 2015
The branch master has been updated
via c3fc7eeab884b6876a1b4006163f190d325aa047 (commit)
from f532a35d2ac4364c4ce0f0a68170b2a2228469cc (commit)
- Log -----------------------------------------------------------------
commit c3fc7eeab884b6876a1b4006163f190d325aa047
Author: Matt Caswell <matt at openssl.org>
Date: Tue Aug 4 13:52:03 2015 +0100
PACKETise NextProto
Change NextProto message processing to use the PACKET API.
Reviewed-by: Stephen Henson <steve at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_srvr.c | 43 ++++++++++++++++++++++++-------------------
1 file changed, 24 insertions(+), 19 deletions(-)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 3072270..b60c962 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3400,9 +3400,9 @@ int ssl3_send_cert_status(SSL *s)
int ssl3_get_next_proto(SSL *s)
{
int ok;
- int proto_len, padding_len;
+ unsigned int proto_len, padding_len;
long n;
- const unsigned char *p;
+ PACKET pkt;
/*
* Clients cannot send a NextProtocol message if we didn't see the
@@ -3436,11 +3436,13 @@ int ssl3_get_next_proto(SSL *s)
}
if (n < 2) {
- s->state = SSL_ST_ERR;
- return 0; /* The body must be > 1 bytes long */
+ goto err; /* The body must be > 1 bytes long */
}
- p = (unsigned char *)s->init_msg;
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
/*-
* The payload looks like:
@@ -3449,27 +3451,30 @@ int ssl3_get_next_proto(SSL *s)
* uint8 padding_len;
* uint8 padding[padding_len];
*/
- proto_len = p[0];
- if (proto_len + 2 > s->init_num) {
- s->state = SSL_ST_ERR;
- return 0;
- }
- padding_len = p[proto_len + 1];
- if (proto_len + padding_len + 2 != s->init_num) {
- s->state = SSL_ST_ERR;
- return 0;
+ if (!PACKET_get_1(&pkt, &proto_len)){
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_LENGTH_MISMATCH);
+ goto err;
}
s->next_proto_negotiated = OPENSSL_malloc(proto_len);
- if (!s->next_proto_negotiated) {
+ if (s->next_proto_negotiated == NULL) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
- s->state = SSL_ST_ERR;
- return 0;
+ goto err;
+ }
+
+ if (!PACKET_copy_bytes(&pkt, s->next_proto_negotiated, proto_len)
+ || !PACKET_get_1(&pkt, &padding_len)
+ || PACKET_remaining(&pkt) != padding_len) {
+ OPENSSL_free(s->next_proto_negotiated);
+ s->next_proto_negotiated = NULL;
+ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_LENGTH_MISMATCH);
+ goto err;
}
- memcpy(s->next_proto_negotiated, p + 1, proto_len);
- s->next_proto_negotiated_len = proto_len;
return 1;
+err:
+ s->state = SSL_ST_ERR;
+ return 0;
}
#endif
More information about the openssl-commits
mailing list