[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Aug 13 19:43:28 UTC 2015
The branch master has been updated
via ac63710a3d718cad5c4d151f0e039ce2fe9c732e (commit)
from bc6616a4347d4c30bce1d1918da09f09f84c0403 (commit)
- Log -----------------------------------------------------------------
commit ac63710a3d718cad5c4d151f0e039ce2fe9c732e
Author: Matt Caswell <matt at openssl.org>
Date: Wed Aug 5 15:52:26 2015 +0100
PACKETise Certificate Status message
Process the Certificate Status message using the PACKET API
Reviewed-by: Emilia Käsper <emilia at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s3_clnt.c | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 4ebd7aa..dedbfea 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2271,7 +2271,8 @@ int ssl3_get_cert_status(SSL *s)
{
int ok, al;
unsigned long resplen, n;
- const unsigned char *p;
+ unsigned int type;
+ PACKET pkt;
n = s->method->ssl_get_message(s,
SSL3_ST_CR_CERT_STATUS_A,
@@ -2280,31 +2281,36 @@ int ssl3_get_cert_status(SSL *s)
if (!ok)
return ((int)n);
- if (n < 4) {
- /* need at least status type + length */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+
+ if (!PACKET_buf_init(&pkt, s->init_msg, n)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_INTERNAL_ERROR);
goto f_err;
}
- p = (unsigned char *)s->init_msg;
- if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
+ if (!PACKET_get_1(&pkt, &type)
+ || type != TLSEXT_STATUSTYPE_ocsp) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
goto f_err;
}
- n2l3(p, resplen);
- if (resplen + 4 != n) {
+ if (!PACKET_get_net_3(&pkt, &resplen)
+ || PACKET_remaining(&pkt) != resplen) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
OPENSSL_free(s->tlsext_ocsp_resp);
- s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
+ s->tlsext_ocsp_resp = OPENSSL_malloc(resplen);
if (!s->tlsext_ocsp_resp) {
al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
goto f_err;
}
+ if (!PACKET_copy_bytes(&pkt, s->tlsext_ocsp_resp, resplen)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
s->tlsext_ocsp_resplen = resplen;
if (s->ctx->tlsext_status_cb) {
int ret;
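Review bot: On the two failure paths that follow `OPENSSL_free(s->tlsext_ocsp_resp)`, the pointer and `s->tlsext_ocsp_resplen` no longer describe the same buffer: a failed `OPENSSL_malloc` leaves NULL with the previous length, and a failed `PACKET_copy_bytes` leaves an uninitialised `resplen`-byte buffer with the previous length. The copy failure looks unreachable given the preceding `PACKET_remaining(&pkt) != resplen` check, but if the branch is kept it should release the buffer before `goto f_err`, for example `OPENSSL_free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = NULL;`. Separately, a message too short to hold the type byte now reports `SSL_R_UNSUPPORTED_STATUS_TYPE` instead of `SSL_R_LENGTH_MISMATCH`, because the `PACKET_get_1` failure shares a branch with the type comparison; splitting the two conditions would keep the diagnostics accurate. The rest of `ssl3_get_cert_status` and the `f_err` handler lie outside the hunk, so whether anything reads these fields after the error cannot be confirmed from here.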