[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Kurt Roeckx
kurt at openssl.org
Wed Sep 16 19:04:10 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via 0711826ae946138b94c19aabbcdc2f716cd98684 (commit)
from 929f6d6f55275b17cfdd5c405ef403bce87c9aef (commit)
- Log -----------------------------------------------------------------
commit 0711826ae946138b94c19aabbcdc2f716cd98684
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Tue Sep 15 21:26:32 2015 +0200
Fix return values when adding serverinfo fails.
Reviewed-by: Rich Salz <rsalz at openssl.org>
MR #1128
(cherry picked from commit fae11ec714ac8e71d95e824d7102ab5b2ec2e256)
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_rsa.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index b1b2318..237154c 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -750,31 +750,31 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
*extension_data = NULL;
*extension_length = 0;
if (serverinfo == NULL || serverinfo_length == 0)
- return 0;
+ return -1;
for (;;) {
unsigned int type = 0;
size_t len = 0;
/* end of serverinfo */
if (serverinfo_length == 0)
- return -1; /* Extension not found */
+ return 0; /* Extension not found */
/* read 2-byte type field */
if (serverinfo_length < 2)
- return 0; /* Error */
+ return -1; /* Error */
type = (serverinfo[0] << 8) + serverinfo[1];
serverinfo += 2;
serverinfo_length -= 2;
/* read 2-byte len field */
if (serverinfo_length < 2)
- return 0; /* Error */
+ return -1; /* Error */
len = (serverinfo[0] << 8) + serverinfo[1];
serverinfo += 2;
serverinfo_length -= 2;
if (len > serverinfo_length)
- return 0; /* Error */
+ return -1; /* Error */
if (type == extension_type) {
*extension_data = serverinfo;
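Review bot: The three-way return contract this hunk settles on (1 found, 0 not found, -1 error) can only be pieced together from the inline `/* Error */` and `/* Extension not found */` comments. The first guard now reports a NULL or empty buffer as -1, while an exhausted buffer inside the loop reports 0, which is easy to conflate. A comment above the function would make this explicit, for example `/* Returns 1 if found, 0 if not found, -1 if serverinfo is missing or malformed */`. The function's signature and the tail of its body lie outside the hunk, so an existing comment there may already cover this.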
@@ -814,10 +814,12 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
/* Find the relevant extension from the serverinfo */
int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
ext_type, out, outlen);
+ if (retval == -1) {
+ *al = SSL_AD_DECODE_ERROR;
+ return -1; /* Error */
+ }
if (retval == 0)
- return 0; /* Error */
- if (retval == -1)
- return -1; /* No extension found, don't send extension */
+ return 0; /* No extension found, don't send extension */
return 1; /* Send extension */
}
return -1; /* No serverinfo data found, don't send
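Review bot: The trailing context line `return -1; /* No serverinfo data found, don't send` still returns -1, which after this change is the callback's error value, and it does so without assigning `*al`. Its comment describes the "don't send extension" case, which the new code maps to 0, so `return 0;` looks like the intended value; the caller's handling of -1 is not visible here, so confirm against it. Separately, `SSL_AD_DECODE_ERROR` on the new error path reports a fault in the server's own serverinfo data rather than in anything the peer sent, so `*al = SSL_AD_INTERNAL_ERROR;` may be the more accurate alert. The function body starts before the hunk and the last comment continues past it.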