summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDoug Hogan <doug@cvs.openbsd.org>2015-06-20 17:04:08 +0000
committerDoug Hogan <doug@cvs.openbsd.org>2015-06-20 17:04:08 +0000
commit9754e4033399c43c0d94ce144429a7387e658767 (patch)
treed65cd790123f1278123b8fa962068e706bcabf2a
parent3da10bd02850924ebdbe45ee25d1eada3825b378 (diff)
Convert ssl3_get_next_proto to CBS.
tweak + ok miod@ jsing@
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c33
1 files changed, 19 insertions, 14 deletions
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index c595fa31cc1..ab8e74e63a5 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.108 2015/06/18 22:51:05 doug Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.109 2015/06/20 17:04:07 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -164,6 +164,8 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include "bytestring.h"
+
static const SSL_METHOD *ssl3_get_server_method(int ver);
const SSL_METHOD SSLv3_server_method_data = {
@@ -2702,10 +2704,10 @@ ssl3_send_cert_status(SSL *s)
int
ssl3_get_next_proto(SSL *s)
{
+ CBS cbs, proto, padding;
int ok;
- int proto_len, padding_len;
long n;
- const unsigned char *p;
+ size_t len;
/*
* Clients cannot send a NextProtocol message if we didn't see the
@@ -2738,7 +2740,7 @@ ssl3_get_next_proto(SSL *s)
return (0);
/* The body must be > 1 bytes long */
- p = (unsigned char *)s->init_msg;
+ CBS_init(&cbs, s->init_msg, s->init_num);
/*
* The payload looks like:
@@ -2747,21 +2749,24 @@ ssl3_get_next_proto(SSL *s)
* uint8 padding_len;
* uint8 padding[padding_len];
*/
- proto_len = p[0];
- if (proto_len + 2 > s->init_num)
- return (0);
- padding_len = p[proto_len + 1];
- if (proto_len + padding_len + 2 != s->init_num)
- return (0);
+ if (!CBS_get_u8_length_prefixed(&cbs, &proto) ||
+ !CBS_get_u8_length_prefixed(&cbs, &padding) ||
+ CBS_len(&cbs) != 0)
+ return 0;
+
+ /*
+ * XXX We should not NULL it, but this matches old behavior of not
+ * freeing before malloc.
+ */
+ s->next_proto_negotiated = NULL;
+ s->next_proto_negotiated_len = 0;
- s->next_proto_negotiated = malloc(proto_len);
- if (!s->next_proto_negotiated) {
+ if (!CBS_stow(&proto, &s->next_proto_negotiated, &len)) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
ERR_R_MALLOC_FAILURE);
return (0);
}
- memcpy(s->next_proto_negotiated, p + 1, proto_len);
- s->next_proto_negotiated_len = proto_len;
+ s->next_proto_negotiated_len = (uint8_t)len;
return (1);
}