properly handle length-zero opaque PRF input values

(which are pointless, but still might occur)
This commit is contained in:
Bodo Möller 2007-09-23 11:30:53 +00:00
parent 86d4bc3aea
commit 02c27b113c
2 changed files with 20 additions and 6 deletions

View File

@ -2369,7 +2369,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
} }
if (s->tlsext_opaque_prf_input != NULL) if (s->tlsext_opaque_prf_input != NULL)
OPENSSL_free(s->tlsext_opaque_prf_input); OPENSSL_free(s->tlsext_opaque_prf_input);
s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); if ((size_t)larg == 0)
s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
else
s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
if (s->tlsext_opaque_prf_input != NULL) if (s->tlsext_opaque_prf_input != NULL)
{ {
s->tlsext_opaque_prf_input_len = (size_t)larg; s->tlsext_opaque_prf_input_len = (size_t)larg;

View File

@ -664,8 +664,10 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
OPENSSL_free(s->s3->client_opaque_prf_input); OPENSSL_free(s->s3->client_opaque_prf_input);
if (s->s3->client_opaque_prf_input_len == 0)
s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len); s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
else
s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
if (s->s3->client_opaque_prf_input == NULL) if (s->s3->client_opaque_prf_input == NULL)
{ {
*al = TLS1_AD_INTERNAL_ERROR; *al = TLS1_AD_INTERNAL_ERROR;
@ -777,7 +779,10 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
OPENSSL_free(s->s3->server_opaque_prf_input); OPENSSL_free(s->s3->server_opaque_prf_input);
s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len); if (s->s3->server_opaque_prf_input_len == 0)
s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
else
s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
if (s->s3->server_opaque_prf_input == NULL) if (s->s3->server_opaque_prf_input == NULL)
{ {
@ -890,7 +895,10 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
OPENSSL_free(s->s3->client_opaque_prf_input); OPENSSL_free(s->s3->client_opaque_prf_input);
s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); if (s->tlsext_opaque_prf_input_len == 0)
s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
else
s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
if (s->s3->client_opaque_prf_input == NULL) if (s->s3->client_opaque_prf_input == NULL)
{ {
SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
@ -990,7 +998,10 @@ int ssl_check_clienthello_tlsext(SSL *s)
/* can only use this extension if we have a server opaque PRF input /* can only use this extension if we have a server opaque PRF input
* of the same length as the client opaque PRF input! */ * of the same length as the client opaque PRF input! */
s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); if (s->tlsext_opaque_prf_input_len == 0)
s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
else
s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
if (s->s3->server_opaque_prf_input == NULL) if (s->s3->server_opaque_prf_input == NULL)
{ {
ret = SSL_TLSEXT_ERR_ALERT_FATAL; ret = SSL_TLSEXT_ERR_ALERT_FATAL;