[openssl-commits] [openssl] master update

Kurt Roeckx kurt at openssl.org
Wed Sep 16 18:58:58 UTC 2015


The branch master has been updated
       via  fae11ec714ac8e71d95e824d7102ab5b2ec2e256 (commit)
      from  8011f64efbad435efb1c77e9ac38b4d216091c96 (commit)


- Log -----------------------------------------------------------------
commit fae11ec714ac8e71d95e824d7102ab5b2ec2e256
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Tue Sep 15 21:26:32 2015 +0200

    Fix return values when adding serverinfo fails.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    MR #1128

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_rsa.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 6772441..f23137c 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -747,31 +747,31 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
     *extension_data = NULL;
     *extension_length = 0;
     if (serverinfo == NULL || serverinfo_length == 0)
-        return 0;
+        return -1;
     for (;;) {
         unsigned int type = 0;
         size_t len = 0;
 
         /* end of serverinfo */
         if (serverinfo_length == 0)
-            return -1;          /* Extension not found */
+            return 0;           /* Extension not found */
 
         /* read 2-byte type field */
         if (serverinfo_length < 2)
-            return 0;           /* Error */
+            return -1;          /* Error */
         type = (serverinfo[0] << 8) + serverinfo[1];
         serverinfo += 2;
         serverinfo_length -= 2;
 
         /* read 2-byte len field */
         if (serverinfo_length < 2)
-            return 0;           /* Error */
+            return -1;          /* Error */
         len = (serverinfo[0] << 8) + serverinfo[1];
         serverinfo += 2;
         serverinfo_length -= 2;
 
         if (len > serverinfo_length)
-            return 0;           /* Error */
+            return -1;          /* Error */
 
         if (type == extension_type) {
             *extension_data = serverinfo;
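Review bot: The three-way result of serverinfo_find_extension is documented only by the trailing comments on individual `return` statements, and this commit exists because those values were swapped. A header comment above the function would pin the contract, for example `/* Returns 1 if the extension was found, 0 if it is not present, -1 if serverinfo is NULL, empty or malformed. */`. The value 1 is inferred from the caller in the second hunk, since the found branch ends outside this hunk. The entry guard now reports zero-length input as -1, while the loop reports exhausted input as 0. If a caller can pass an empty blob, it would be treated as a decode error rather than "not found", so it is worth confirming that this is intended.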
@@ -811,10 +811,12 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
         /* Find the relevant extension from the serverinfo */
         int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
                                                ext_type, out, outlen);
+        if (retval == -1) {
+            *al = SSL_AD_DECODE_ERROR;
+            return -1;          /* Error */
+        }
         if (retval == 0)
-            return 0;           /* Error */
-        if (retval == -1)
-            return -1;          /* No extension found, don't send extension */
+            return 0;           /* No extension found, don't send extension */
         return 1;               /* Send extension */
     }
     return -1;                  /* No serverinfo data found, don't send
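Review bot: The fall-through `return -1;` at the end of serverinfo_srv_add_cb keeps the comment "No serverinfo data found, don't send", but under the convention this hunk establishes, -1 is the error path and 0 means "don't send". That path also leaves `*al` unset, so if the caller treats -1 as fatal, the alert sent would be whatever `*al` held before the call. If missing serverinfo is meant to skip the extension, `return 0;` would match the branch above; otherwise set `*al` before returning. The comment on that statement continues past the end of the hunk.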

