authorDoug Hogan <doug@cvs.openbsd.org>2015-02-09 07:17:56 +0000
committerDoug Hogan <doug@cvs.openbsd.org>2015-02-09 07:17:56 +0000
commit606407e365cb2dc031a3f3119cbcbb3b08f168d7 (patch)
treeadecfca92448f3b814f70e3ec0dd6b3461feaaa1
parent7ed6b6bcae9db4769abf7f0831bc5412aa6db989 (diff)
Return NULL when there are no shared ciphers.
OpenSSL added this change to avoid an out-of-bounds write since they're accessing p[-1]. We initialize buf and use strrchr() so we aren't subject to the same OOB write. However, we should return NULL rather than an empty string when there are no shared ciphers. Also, KNF a particularly bad section above here that miod noticed. Based on OpenSSL commits: 4ee356686f72ff849f6f3d58562224ace732b1a6 308505b838e4e3ce8485bb30f5b26e2766dc7f8b ok miod@
-rw-r--r--lib/libssl/src/ssl/ssl_lib.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index 8ecb37d1be6..8ebcb74ab9a 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.96 2015/02/07 05:46:01 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.97 2015/02/09 07:17:55 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1355,11 +1355,13 @@ SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
size_t curlen = 0;
int i;
- if ((s->session == NULL) || (s->session->ciphers == NULL) ||
- (len < 2))
- return (NULL);
+ if (s->session == NULL || s->session->ciphers == NULL || len < 2)
+ return (NULL);
sk = s->session->ciphers;
+ if (sk_SSL_CIPHER_num(sk) == 0)
+ return (NULL);
+
buf[0] = '\0';
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
c = sk_SSL_CIPHER_value(sk, i);
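Review bot: The new `if (sk_SSL_CIPHER_num(sk) == 0) return (NULL);` runs before `buf[0] = '\0';`, so with an empty shared-cipher list the caller's buffer is now left unwritten, where the old code produced an empty string. A caller that ignores the return value and reads `buf` directly would then see whatever the buffer held before the call; no callers are visible here, so this is a contract risk rather than a confirmed bug. Consider moving `buf[0] = '\0';` to just after the `len < 2` guard so the buffer is always a terminated string when the function returns, or at least add a comment such as `/* buf is not modified when NULL is returned; callers must check the return value */`. The body of SSL_get_shared_ciphers starts and ends outside this hunk, so the rest of the loop was not reviewed.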