diff options
author | Bodo Möller <bodo@openssl.org> | 2007-09-23 11:30:53 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2007-09-23 11:30:53 +0000 |
commit | 02c27b113cfc6000d94644e19c06c0f45e3480af (patch) | |
tree | 5d20731b09d12f32ada667304f3133440a88c065 /ssl | |
parent | 86d4bc3aeaa7bc0f7551b54c6091b736d0b2732b (diff) | |
download | openssl-02c27b113cfc6000d94644e19c06c0f45e3480af.tar.gz |
properly handle length-zero opaque PRF input values
(which are pointless, but still might occur)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_lib.c | 5 | ||||
-rw-r--r-- | ssl/t1_lib.c | 21 |
2 files changed, 20 insertions, 6 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 476d27a7b2..548eeef6f3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2369,7 +2369,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } if (s->tlsext_opaque_prf_input != NULL) OPENSSL_free(s->tlsext_opaque_prf_input); - s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); + if ((size_t)larg == 0) + s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ + else + s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); if (s->tlsext_opaque_prf_input != NULL) { s->tlsext_opaque_prf_input_len = (size_t)larg; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 0c7841402d..1aaf8905c8 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -664,8 +664,10 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ OPENSSL_free(s->s3->client_opaque_prf_input); - - s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len); + if (s->s3->client_opaque_prf_input_len == 0) + s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ + else + s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len); if (s->s3->client_opaque_prf_input == NULL) { *al = TLS1_AD_INTERNAL_ERROR; @@ -777,7 +779,10 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ OPENSSL_free(s->s3->server_opaque_prf_input); - s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len); + if (s->s3->server_opaque_prf_input_len == 0) + s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ + else + s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len); if (s->s3->server_opaque_prf_input == NULL) { @@ -890,7 +895,10 @@ int ssl_prepare_clienthello_tlsext(SSL *s) if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ OPENSSL_free(s->s3->client_opaque_prf_input); - s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); + if (s->tlsext_opaque_prf_input_len == 0) + s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ + else + s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); if (s->s3->client_opaque_prf_input == NULL) { SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE); @@ -990,7 +998,10 @@ int ssl_check_clienthello_tlsext(SSL *s) /* can only use this extension if we have a server opaque PRF input * of the same length as the client opaque PRF input! */ - s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); + if (s->tlsext_opaque_prf_input_len == 0) + s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */ + else + s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len); if (s->s3->server_opaque_prf_input == NULL) { ret = SSL_TLSEXT_ERR_ALERT_FATAL; |