properly handle length-zero opaque PRF input values

(which are pointless, but still might occur)
2007-09-23 11:30:53 +00:00 · 2007-09-23 11:30:53 +00:00 · 02c27b113c
commit 02c27b113c
parent 86d4bc3aea
2 changed files with 20 additions and 6 deletions
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -2369,6 +2369,9 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 			}
 		if (s->tlsext_opaque_prf_input != NULL)
 			OPENSSL_free(s->tlsext_opaque_prf_input);
+		if ((size_t)larg == 0)
+			s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+		else
 			s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
 		if (s->tlsext_opaque_prf_input != NULL)
 			{
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -664,7 +664,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in

 			if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
 				OPENSSL_free(s->s3->client_opaque_prf_input);
-
+			if (s->s3->client_opaque_prf_input_len == 0)
+				s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+			else
 				s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
 			if (s->s3->client_opaque_prf_input == NULL)
 				{
@ -777,6 +779,9 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			
 			if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
 				OPENSSL_free(s->s3->server_opaque_prf_input);
+			if (s->s3->server_opaque_prf_input_len == 0)
+				s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+			else
 				s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);

 			if (s->s3->server_opaque_prf_input == NULL)
@ -890,6 +895,9 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
 			if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
 				OPENSSL_free(s->s3->client_opaque_prf_input);

+			if (s->tlsext_opaque_prf_input_len == 0)
+				s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+			else
 				s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
 			if (s->s3->client_opaque_prf_input == NULL)
 				{
@ -990,6 +998,9 @@ int ssl_check_clienthello_tlsext(SSL *s)
 				/* can only use this extension if we have a server opaque PRF input
 				 * of the same length as the client opaque PRF input! */

+				if (s->tlsext_opaque_prf_input_len == 0)
+					s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+				else
 					s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
 				if (s->s3->server_opaque_prf_input == NULL)
 					{