[openssl-commits] [openssl] master update
Kurt Roeckx
kurt at openssl.org
Wed Sep 16 18:58:58 UTC 2015
The branch master has been updated
via fae11ec714ac8e71d95e824d7102ab5b2ec2e256 (commit)
from 8011f64efbad435efb1c77e9ac38b4d216091c96 (commit)
- Log -----------------------------------------------------------------
commit fae11ec714ac8e71d95e824d7102ab5b2ec2e256
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Tue Sep 15 21:26:32 2015 +0200
Fix return values when adding serverinfo fails.
Reviewed-by: Rich Salz <rsalz at openssl.org>
MR #1128
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_rsa.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 6772441..f23137c 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -747,31 +747,31 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
*extension_data = NULL;
*extension_length = 0;
if (serverinfo == NULL || serverinfo_length == 0)
- return 0;
+ return -1;
for (;;) {
unsigned int type = 0;
size_t len = 0;
/* end of serverinfo */
if (serverinfo_length == 0)
- return -1; /* Extension not found */
+ return 0; /* Extension not found */
/* read 2-byte type field */
if (serverinfo_length < 2)
- return 0; /* Error */
+ return -1; /* Error */
type = (serverinfo[0] << 8) + serverinfo[1];
serverinfo += 2;
serverinfo_length -= 2;
/* read 2-byte len field */
if (serverinfo_length < 2)
- return 0; /* Error */
+ return -1; /* Error */
len = (serverinfo[0] << 8) + serverinfo[1];
serverinfo += 2;
serverinfo_length -= 2;
if (len > serverinfo_length)
- return 0; /* Error */
+ return -1; /* Error */
if (type == extension_type) {
*extension_data = serverinfo;
@@ -811,10 +811,12 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
/* Find the relevant extension from the serverinfo */
int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
ext_type, out, outlen);
+ if (retval == -1) {
+ *al = SSL_AD_DECODE_ERROR;
+ return -1; /* Error */
+ }
if (retval == 0)
- return 0; /* Error */
- if (retval == -1)
- return -1; /* No extension found, don't send extension */
+ return 0; /* No extension found, don't send extension */
return 1; /* Send extension */
}
return -1; /* No serverinfo data found, don't send
More information about the openssl-commits
mailing list