generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix incorrect OPENSSL_assert() usage.

Browse Source 
Return an error code for I/O errors instead of an assertion failure.

PR#3470
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Michael Tuexen 2014-11-16 17:29:08 +00:00 committed by Dr. Stephen Henson
parent e03b29871b
commit 2521fcd852
1 changed files with 64 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
crypto/bio/bss_dgram.c
View File

@ -975,10 +975,18 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
/* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk)); ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk));
OPENSSL_assert(ret >= 0); if (ret < 0)
{
BIO_vfree(bio);
return(NULL);
}
auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk)); ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk));
OPENSSL_assert(ret >= 0); if (ret < 0)
{
BIO_vfree(bio);
return(NULL);
}
/* Test if activation was successful. When using accept(), /* Test if activation was successful. When using accept(),
* SCTP-AUTH has to be activated for the listening socket * SCTP-AUTH has to be activated for the listening socket
@ -987,7 +995,13 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
authchunks = OPENSSL_malloc(sockopt_len); authchunks = OPENSSL_malloc(sockopt_len);
memset(authchunks, 0, sockopt_len); memset(authchunks, 0, sockopt_len);
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len); ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
OPENSSL_assert(ret >= 0);
if (ret < 0)
{
OPENSSL_free(authchunks);
BIO_vfree(bio);
return(NULL);
}
for (p = (unsigned char*) authchunks->gauth_chunks; for (p = (unsigned char*) authchunks->gauth_chunks;
p < (unsigned char*) authchunks + sockopt_len; p < (unsigned char*) authchunks + sockopt_len;
@ -1009,16 +1023,28 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
event.se_type = SCTP_AUTHENTICATION_EVENT; event.se_type = SCTP_AUTHENTICATION_EVENT;
event.se_on = 1; event.se_on = 1;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event)); ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
OPENSSL_assert(ret >= 0); if (ret < 0)
{
BIO_vfree(bio);
return(NULL);
}
#else #else
sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe); sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
OPENSSL_assert(ret >= 0); if (ret < 0)
{
BIO_vfree(bio);
return(NULL);
}
event.sctp_authentication_event = 1; event.sctp_authentication_event = 1;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe)); ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
OPENSSL_assert(ret >= 0); if (ret < 0)
{
BIO_vfree(bio);
return(NULL);
}
#endif #endif
#endif #endif
@ -1026,7 +1052,11 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
* larger than the max record size of 2^14 + 2048 + 13 * larger than the max record size of 2^14 + 2048 + 13
*/ */
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, sizeof(optval)); ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, sizeof(optval));
OPENSSL_assert(ret >= 0); if (ret < 0)
{
BIO_vfree(bio);
return(NULL);
}
return(bio); return(bio);
} }
@ -1191,16 +1221,28 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
event.se_type = SCTP_SENDER_DRY_EVENT; event.se_type = SCTP_SENDER_DRY_EVENT;
event.se_on = 0; event.se_on = 0;
i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event)); i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
OPENSSL_assert(i >= 0); if (i < 0)
{
ret = i;
break;
}
#else #else
eventsize = sizeof(struct sctp_event_subscribe); eventsize = sizeof(struct sctp_event_subscribe);
i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
OPENSSL_assert(i >= 0); if (i < 0)
{
ret = i;
break;
}
event.sctp_sender_dry_event = 0; event.sctp_sender_dry_event = 0;
i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe)); i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
OPENSSL_assert(i >= 0); if (i < 0)
{
ret = i;
break;
}
#endif #endif
} }
@ -1233,8 +1275,8 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
*/ */
optlen = (socklen_t) sizeof(int); optlen = (socklen_t) sizeof(int);
ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
OPENSSL_assert(ret >= 0); if (ret >= 0)
OPENSSL_assert(optval >= 18445); OPENSSL_assert(optval >= 18445);
/* Test if SCTP doesn't partially deliver below /* Test if SCTP doesn't partially deliver below
* max record size (2^14 + 2048 + 13) * max record size (2^14 + 2048 + 13)
@ -1242,8 +1284,8 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
optlen = (socklen_t) sizeof(int); optlen = (socklen_t) sizeof(int);
ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
&optval, &optlen); &optval, &optlen);
OPENSSL_assert(ret >= 0); if (ret >= 0)
OPENSSL_assert(optval >= 18445); OPENSSL_assert(optval >= 18445);
/* Partially delivered notification??? Probably a bug.... */ /* Partially delivered notification??? Probably a bug.... */
OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION)); OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
@ -1277,15 +1319,15 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
authchunks = OPENSSL_malloc(optlen); authchunks = OPENSSL_malloc(optlen);
memset(authchunks, 0, optlen); memset(authchunks, 0, optlen);
ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen); ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
OPENSSL_assert(ii >= 0);
for (p = (unsigned char*) authchunks->gauth_chunks; if (ii >= 0)
p < (unsigned char*) authchunks + optlen; for (p = (unsigned char*) authchunks->gauth_chunks;
p += sizeof(uint8_t)) p < (unsigned char*) authchunks + optlen;
{ p += sizeof(uint8_t))
if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1; {
if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) auth_forward = 1; if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1;
} if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) auth_forward = 1;
}
OPENSSL_free(authchunks); OPENSSL_free(authchunks);