[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Jul 8 15:22:59 UTC 2016
The branch master has been updated
via 4bbd4ba66dec4ca35502b8fac0315b447fde4d7a (commit)
from 3503549ee8bd59d23d00b9dbbc2444e91fc44746 (commit)
- Log -----------------------------------------------------------------
commit 4bbd4ba66dec4ca35502b8fac0315b447fde4d7a
Author: Matt Caswell <matt at openssl.org>
Date: Thu Jul 7 11:05:31 2016 +0100
Disallow multiple protocol flags to s_server and s_client
We shouldn't allow both "-tls1" and "-tls1_2", or "-tls1" and "-no_tls1_2".
The only time multiple flags are allowed is where they are all "-no_<prot>".
This fixes Github Issue #1268
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.h | 4 ++++
apps/s_client.c | 19 ++++++++++++++++++-
apps/s_server.c | 17 ++++++++++++++++-
3 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/apps/apps.h b/apps/apps.h
index 319b02e..5faf440 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -274,6 +274,10 @@ int has_stdin_waiting(void);
case OPT_S_DHPARAM: \
case OPT_S_DEBUGBROKE
+#define IS_NO_PROT_FLAG(o) \
+ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
+ || o == OPT_S_NOTLS1_2)
+
/*
* Option parsing.
*/
diff --git a/apps/s_client.c b/apps/s_client.c
index e79cf7e..69e225c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -768,6 +768,10 @@ static const OPT_PAIR services[] = {
(o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT)
#define IS_UNIX_FLAG(o) (o == OPT_UNIX)
+#define IS_PROT_FLAG(o) \
+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+ || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+
/* Free |*dest| and optionally set it to a copy of |source|. */
static void freeandcopy(char **dest, const char *source)
{
@@ -851,7 +855,7 @@ int s_client_main(int argc, char **argv)
char *ctlog_file = NULL;
int ct_validation = 0;
#endif
- int min_version = 0, max_version = 0;
+ int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
int async = 0;
unsigned int split_send_fragment = 0;
unsigned int max_pipelines = 0;
@@ -905,6 +909,19 @@ int s_client_main(int argc, char **argv)
prog);
goto end;
}
+
+ if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
+ BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
+ goto end;
+ }
+ if (IS_NO_PROT_FLAG(o))
+ no_prot_opt++;
+ if (prot_opt == 1 && no_prot_opt) {
+ BIO_printf(bio_err, "Cannot supply both a protocol flag and "
+ "\"-no_<prot>\"\n");
+ goto end;
+ }
+
switch (o) {
case OPT_EOF:
case OPT_ERR:
diff --git a/apps/s_server.c b/apps/s_server.c
index 45c128d..d545546 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -910,6 +910,10 @@ OPTIONS s_server_options[] = {
{NULL, OPT_EOF, 0, NULL}
};
+#define IS_PROT_FLAG(o) \
+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+ || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+
int s_server_main(int argc, char *argv[])
{
ENGINE *engine = NULL;
@@ -970,7 +974,7 @@ int s_server_main(int argc, char *argv[])
char *srpuserseed = NULL;
char *srp_verifier_file = NULL;
#endif
- int min_version = 0, max_version = 0;
+ int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
local_argc = argc;
local_argv = argv;
@@ -984,6 +988,17 @@ int s_server_main(int argc, char *argv[])
prog = opt_init(argc, argv, s_server_options);
while ((o = opt_next()) != OPT_EOF) {
+ if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
+ BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
+ goto end;
+ }
+ if (IS_NO_PROT_FLAG(o))
+ no_prot_opt++;
+ if (prot_opt == 1 && no_prot_opt) {
+ BIO_printf(bio_err, "Cannot supply both a protocol flag and "
+ "\"-no_<prot>\"\n");
+ goto end;
+ }
switch (o) {
case OPT_EOF:
case OPT_ERR:
More information about the openssl-commits
mailing list