aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBodo Möller <bodo@openssl.org>2007-09-23 11:30:53 +0000
committerBodo Möller <bodo@openssl.org>2007-09-23 11:30:53 +0000
commit02c27b113cfc6000d94644e19c06c0f45e3480af (patch)
tree5d20731b09d12f32ada667304f3133440a88c065
parent86d4bc3aeaa7bc0f7551b54c6091b736d0b2732b (diff)
downloadopenssl-02c27b113cfc6000d94644e19c06c0f45e3480af.tar.gz
properly handle length-zero opaque PRF input values
(which are pointless, but still might occur)
Diffstat
-rw-r--r--ssl/s3_lib.c5
-rw-r--r--ssl/t1_lib.c21
2 files changed, 20 insertions, 6 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 476d27a7b2..548eeef6f3 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2369,7 +2369,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
}
if (s->tlsext_opaque_prf_input != NULL)
OPENSSL_free(s->tlsext_opaque_prf_input);
- s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
+ if ((size_t)larg == 0)
+ s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ else
+ s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
if (s->tlsext_opaque_prf_input != NULL)
{
s->tlsext_opaque_prf_input_len = (size_t)larg;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 0c7841402d..1aaf8905c8 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -664,8 +664,10 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
OPENSSL_free(s->s3->client_opaque_prf_input);
-
- s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
+ if (s->s3->client_opaque_prf_input_len == 0)
+ s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ else
+ s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
if (s->s3->client_opaque_prf_input == NULL)
{
*al = TLS1_AD_INTERNAL_ERROR;
@@ -777,7 +779,10 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
OPENSSL_free(s->s3->server_opaque_prf_input);
- s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
+ if (s->s3->server_opaque_prf_input_len == 0)
+ s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ else
+ s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
if (s->s3->server_opaque_prf_input == NULL)
{
@@ -890,7 +895,10 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
OPENSSL_free(s->s3->client_opaque_prf_input);
- s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+ if (s->tlsext_opaque_prf_input_len == 0)
+ s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ else
+ s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
if (s->s3->client_opaque_prf_input == NULL)
{
SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
@@ -990,7 +998,10 @@ int ssl_check_clienthello_tlsext(SSL *s)
/* can only use this extension if we have a server opaque PRF input
* of the same length as the client opaque PRF input! */
- s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+ if (s->tlsext_opaque_prf_input_len == 0)
+ s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+ else
+ s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
if (s->s3->server_opaque_prf_input == NULL)
{
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-04 13:28:13 +0000