properly handle length-zero opaque PRF input values
(which are pointless, but still might occur)
parent
86d4bc3aea
commit
02c27b113c
@ -2369,6 +2369,9 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
|
|||||||
}
|
}
|
||||||
if (s->tlsext_opaque_prf_input != NULL)
|
if (s->tlsext_opaque_prf_input != NULL)
|
||||||
OPENSSL_free(s->tlsext_opaque_prf_input);
|
OPENSSL_free(s->tlsext_opaque_prf_input);
|
||||||
|
if ((size_t)larg == 0)
|
||||||
|
s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
|
||||||
|
else
|
||||||
s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
|
s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
|
||||||
if (s->tlsext_opaque_prf_input != NULL)
|
if (s->tlsext_opaque_prf_input != NULL)
|
||||||
{
|
{
|
||||||
|
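Review bot: In ssl3_ctrl the new test `(size_t)larg == 0` singles out only an exact zero, so a negative `larg` is still converted to a very large `size_t` and passed to `BUF_memdup` as the copy length. Any range check that precedes these lines is outside the hunk, so this needs confirming against the full function. If that check only bounds `larg` from above, extend it with `larg < 0` so that the value is rejected before the old buffer is freed. The enclosing case starts and ends outside the hunk.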
13
ssl/t1_lib.c
13
ssl/t1_lib.c
@ -664,7 +664,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
|
|||||||
|
|
||||||
if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
|
if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
|
||||||
OPENSSL_free(s->s3->client_opaque_prf_input);
|
OPENSSL_free(s->s3->client_opaque_prf_input);
|
||||||
|
if (s->s3->client_opaque_prf_input_len == 0)
|
||||||
|
s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
|
||||||
|
else
|
||||||
s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
|
s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
|
||||||
if (s->s3->client_opaque_prf_input == NULL)
|
if (s->s3->client_opaque_prf_input == NULL)
|
||||||
{
|
{
|
||||||
@ -777,6 +779,9 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
|
|||||||
|
|
||||||
if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
|
if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
|
||||||
OPENSSL_free(s->s3->server_opaque_prf_input);
|
OPENSSL_free(s->s3->server_opaque_prf_input);
|
||||||
|
if (s->s3->server_opaque_prf_input_len == 0)
|
||||||
|
s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
|
||||||
|
else
|
||||||
s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
|
s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
|
||||||
|
|
||||||
if (s->s3->server_opaque_prf_input == NULL)
|
if (s->s3->server_opaque_prf_input == NULL)
|
||||||
@ -890,6 +895,9 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
|
|||||||
if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
|
if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
|
||||||
OPENSSL_free(s->s3->client_opaque_prf_input);
|
OPENSSL_free(s->s3->client_opaque_prf_input);
|
||||||
|
|
||||||
|
if (s->tlsext_opaque_prf_input_len == 0)
|
||||||
|
s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
|
||||||
|
else
|
||||||
s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
|
s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
|
||||||
if (s->s3->client_opaque_prf_input == NULL)
|
if (s->s3->client_opaque_prf_input == NULL)
|
||||||
{
|
{
|
||||||
@ -990,6 +998,9 @@ int ssl_check_clienthello_tlsext(SSL *s)
|
|||||||
/* can only use this extension if we have a server opaque PRF input
|
/* can only use this extension if we have a server opaque PRF input
|
||||||
* of the same length as the client opaque PRF input! */
|
* of the same length as the client opaque PRF input! */
|
||||||
|
|
||||||
|
if (s->tlsext_opaque_prf_input_len == 0)
|
||||||
|
s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
|
||||||
|
else
|
||||||
s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
|
s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
|
||||||
if (s->s3->server_opaque_prf_input == NULL)
|
if (s->s3->server_opaque_prf_input == NULL)
|
||||||
{
|
{
|
||||||
|
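Review bot: The allocate-or-duplicate pattern is written out separately in all four hunks of ssl/t1_lib.c (ssl_parse_clienthello_tlsext, ssl_parse_serverhello_tlsext, ssl_prepare_clienthello_tlsext, ssl_check_clienthello_tlsext), and in the two parse functions the length is presumably taken from the peer's hello message. A non-NULL pointer now serves as the "input present" flag, so a single static helper would keep that invariant in one place and document that the placeholder byte from `OPENSSL_malloc(1)` is uninitialised and not part of the value. In ssl_check_clienthello_tlsext no free of a previous `server_opaque_prf_input` is visible before the assignment, unlike in the other three hunks; it may happen earlier in the function, outside the hunk. All four enclosing functions start and end outside their hunks.

```c
/* Returns a non-NULL buffer even for len == 0, so that NULL is left to
 * mean "no input" or "allocation failed"; the placeholder byte is
 * uninitialised and is not part of the value. */
static void *opaque_prf_input_dup(const void *data, size_t len)
	{
	if (len == 0)
		return OPENSSL_malloc(1);
	return BUF_memdup(data, len);
	}

/* … unchanged: free of the previous client_opaque_prf_input … */
s->s3->client_opaque_prf_input = opaque_prf_input_dup(sdata, s->s3->client_opaque_prf_input_len);
/* … unchanged: NULL check and error path … */
```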