OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Bodo
Moeller
Root: /v/openssl/cvs Email: bodo openssl.org
Module: openssl Date:
23-Sep-2007 13:30:56
Branch: HEAD Handle:
2007092312305102
Modified files:
openssl/ssl s3_lib.c t1_lib.c
Log:
properly handle length-zero opaque PRF input values
(which are pointless, but still might occur)
Summary:
Revision Changes Path
1.118 +4 -1 openssl/ssl/s3_lib.c
1.47 +16 -5 openssl/ssl/t1_lib.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/ssl/s3_lib.c
============================================================
================
$ cvs diff -u -r1.117 -r1.118 s3_lib.c
--- openssl/ssl/s3_lib.c 21 Sep 2007 06:54:17 -0000 1.117
+++ openssl/ssl/s3_lib.c 23 Sep 2007 11:30:51 -0000 1.118
 -2369,7 +2369,10 
}
if (s->tlsext_opaque_prf_input != NULL)
OPENSSL_free(s->tlsext_opaque_prf_input);
- s->tlsext_opaque_prf_input = BUF_memdup(parg,
(size_t)larg);
+ if ((size_t)larg == 0)
+ s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /*
dummy byte just to get non-NULL */
+ else
+ s->tlsext_opaque_prf_input = BUF_memdup(parg,
(size_t)larg);
if (s->tlsext_opaque_prf_input != NULL)
{
s->tlsext_opaque_prf_input_len = (size_t)larg;
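Review bot: `larg` is cast to `size_t` three times in this hunk with no sign check visible, so a negative `larg` would skip the new zero-length branch, reach `BUF_memdup` as a very large length and, if that succeeded, be stored in `tlsext_opaque_prf_input_len`. The block that closes with `}` at the top of the hunk is outside the view and may already bound `larg`. If it enforces only an upper limit, a test that rejects `larg < 0` belongs before the `OPENSSL_free` call, reporting the same error the surrounding code uses for bad lengths. The enclosing function starts and ends outside the hunk.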
 .
patch -p0 <<' .'
Index: openssl/ssl/t1_lib.c
============================================================
================
$ cvs diff -u -r1.46 -r1.47 t1_lib.c
--- openssl/ssl/t1_lib.c 21 Sep 2007 06:54:23 -0000 1.46
+++ openssl/ssl/t1_lib.c 23 Sep 2007 11:30:53 -0000 1.47
 -664,8 +664,10 
if (s->s3->client_opaque_prf_input != NULL) /*
shouldn't really happen */
OPENSSL_free(s->s3->client_opaque_prf_input);
-
- s->s3->client_opaque_prf_input =
BUF_memdup(sdata,
s->s3->client_opaque_prf_input_len);
+ if (s->s3->client_opaque_prf_input_len == 0)
+ s->s3->client_opaque_prf_input =
OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ else
+ s->s3->client_opaque_prf_input =
BUF_memdup(sdata,
s->s3->client_opaque_prf_input_len);
if (s->s3->client_opaque_prf_input == NULL)
{
*al = TLS1_AD_INTERNAL_ERROR;
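Review bot: The zero-length branch stores a pointer to one uninitialised byte from `OPENSSL_malloc(1)`, so correctness now depends on every reader of `client_opaque_prf_input` honouring `client_opaque_prf_input_len` and never touching that byte. The comment should state that a non-NULL pointer means "extension present" and that the byte must not be read. The same `if`/`else` is repeated in the hunks at -777, -890 and -990 of this file, and once more in s3_lib.c, so a small static helper would keep the invariant in one place. `opaque_prf_input_dup` below is a proposed name, not an existing function. The enclosing function starts and ends outside the hunk.

```c
/* Copy an opaque PRF input.  A zero-length input gets a one-byte
 * placeholder so that a non-NULL pointer still means "extension present";
 * the placeholder is uninitialised and must never be read. */
static void *opaque_prf_input_dup(const void *data, size_t len)
	{
	if (len == 0)
		return OPENSSL_malloc(1);
	return BUF_memdup(data, len);
	}

/* … unchanged: free of any previous client_opaque_prf_input … */
s->s3->client_opaque_prf_input =
	opaque_prf_input_dup(sdata, s->s3->client_opaque_prf_input_len);
/* … unchanged: NULL check that sets *al … */
```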
 -777,7 +779,10 
if (s->s3->server_opaque_prf_input != NULL) /*
shouldn't really happen */
OPENSSL_free(s->s3->server_opaque_prf_input);
- s->s3->server_opaque_prf_input =
BUF_memdup(sdata,
s->s3->server_opaque_prf_input_len);
+ if (s->s3->server_opaque_prf_input_len == 0)
+ s->s3->server_opaque_prf_input =
OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ else
+ s->s3->server_opaque_prf_input =
BUF_memdup(sdata,
s->s3->server_opaque_prf_input_len);
if (s->s3->server_opaque_prf_input == NULL)
{
 -890,7 +895,10 
if (s->s3->client_opaque_prf_input != NULL) /*
shouldn't really happen */
OPENSSL_free(s->s3->client_opaque_prf_input);
- s->s3->client_opaque_prf_input =
BUF_memdup(s->tlsext_opaque_prf_input,
s->tlsext_opaque_prf_input_len);
+ if (s->tlsext_opaque_prf_input_len == 0)
+ s->s3->client_opaque_prf_input =
OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ else
+ s->s3->client_opaque_prf_input =
BUF_memdup(s->tlsext_opaque_prf_input,
s->tlsext_opaque_prf_input_len);
if (s->s3->client_opaque_prf_input == NULL)
{
SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC
_FAILURE);
 -990,7 +998,10 
/* can only use this extension if we have a server
opaque PRF input
* of the same length as the client opaque PRF input!
*/
- s->s3->server_opaque_prf_input =
BUF_memdup(s->tlsext_opaque_prf_input,
s->tlsext_opaque_prf_input_len);
+ if (s->tlsext_opaque_prf_input_len == 0)
+ s->s3->server_opaque_prf_input =
OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ else
+ s->s3->server_opaque_prf_input =
BUF_memdup(s->tlsext_opaque_prf_input,
s->tlsext_opaque_prf_input_len);
if (s->s3->server_opaque_prf_input == NULL)
{
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
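Review bot: No release of a previous `s->s3->server_opaque_prf_input` is visible before this assignment, whereas the other three t1_lib.c hunks free the old buffer first. If the free does not happen above the hunk, a repeated pass through this path would leak the earlier allocation. In that case `if (s->s3->server_opaque_prf_input != NULL) OPENSSL_free(s->s3->server_opaque_prf_input);` ahead of the new `if` would match the other sites. The enclosing block starts and ends outside the hunk.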
 .