[openssl] master update
tomas at openssl.org
tomas at openssl.org
Thu Jan 20 10:12:41 UTC 2022
The branch master has been updated
via 148b592db7ea18e0209078fe313514fb7c7553f5 (commit)
from a822a0cb3c8466adbcee510a6234c0fe95ff4bfe (commit)
- Log -----------------------------------------------------------------
commit 148b592db7ea18e0209078fe313514fb7c7553f5
Author: Hubert Kario <hkario at redhat.com>
Date: Mon Jan 17 20:55:04 2022 +0100
s_server: correctly handle 2^14 byte long records
as the code uses BIO_gets, and it always null terminates the
strings it reads, when it reads a record 2^14 byte long, it actually
returns 2^14-1 bytes to the calling application, in general it returns
size-1 bytes to the caller
This makes the code sub-optimal (as every 2^14 record will need two
BIO_gets() calls) and makes it impossible to use -rev option to test
all plaintext lengths (like in openssl#15706)
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17538)
-----------------------------------------------------------------------
Summary of changes:
apps/s_server.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/apps/s_server.c b/apps/s_server.c
index 9f05cb120a..5ec053b45b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -3000,7 +3000,9 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
/* Set width for a select call if needed */
width = s + 1;
- p = buf = app_malloc(bufsize, "server www buffer");
+ /* as we use BIO_gets(), and it always null terminates data, we need
+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
+ p = buf = app_malloc(bufsize + 1, "server www buffer");
io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
if ((io == NULL) || (ssl_bio == NULL))
@@ -3065,7 +3067,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
}
for (;;) {
- i = BIO_gets(io, buf, bufsize - 1);
+ i = BIO_gets(io, buf, bufsize + 1);
if (i < 0) { /* error */
if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) {
if (!s_quiet)
@@ -3129,7 +3131,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
* we're expecting to come from the client. If they haven't
* sent one there's not much we can do.
*/
- BIO_gets(io, buf, bufsize - 1);
+ BIO_gets(io, buf, bufsize + 1);
}
BIO_puts(io,
@@ -3412,7 +3414,9 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
SSL *con;
BIO *io, *ssl_bio, *sbio;
- buf = app_malloc(bufsize, "server rev buffer");
+ /* as we use BIO_gets(), and it always null terminates data, we need
+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
+ buf = app_malloc(bufsize + 1, "server rev buffer");
io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
if ((io == NULL) || (ssl_bio == NULL))
@@ -3487,7 +3491,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
print_ssl_summary(con);
for (;;) {
- i = BIO_gets(io, buf, bufsize - 1);
+ i = BIO_gets(io, buf, bufsize + 1);
if (i < 0) { /* error */
if (!BIO_should_retry(io)) {
if (!s_quiet)
More information about the openssl-commits
mailing list