[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Thu Feb 9 10:02:17 UTC 2017
The branch master has been updated
via 6d047e06e67cd1f6d83a52b83643e96b4cdbfb51 (commit)
from 68a55f3b451060c747986aeffa322d32c770dd62 (commit)
- Log -----------------------------------------------------------------
commit 6d047e06e67cd1f6d83a52b83643e96b4cdbfb51
Author: Peter Wu <peter at lekensteyn.nl>
Date: Thu Feb 2 12:11:10 2017 +0100
SSL_get_shared_sigalgs: handle negative idx parameter
When idx is negative (as is the case with do_print_sigalgs in
apps/s_cb.c), AddressSanitizer complains about a buffer overflow (read).
Even if the pointer is not dereferenced, this is undefined behavior.
Change the user not to use "-1" as index since the function is
documented to return 0 on out-of-range values.
Tested with `openssl s_server` and `curl -k https://localhost:4433`.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2349)
-----------------------------------------------------------------------
Summary of changes:
apps/s_cb.c | 2 +-
ssl/t1_lib.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 550969d..e0d432d 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -239,7 +239,7 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared)
int i, nsig, client;
client = SSL_is_server(s) ? 0 : 1;
if (shared)
- nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
+ nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL);
else
nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
if (nsig == 0)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1534a54..43340d4 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1684,6 +1684,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx,
{
const SIGALG_LOOKUP *shsigalgs;
if (s->cert->shared_sigalgs == NULL
+ || idx < 0
|| idx >= (int)s->cert->shared_sigalgslen
|| s->cert->shared_sigalgslen > INT_MAX)
return 0;
More information about the openssl-commits
mailing list