diff options
| author | Doug Hogan <doug@cvs.openbsd.org> | 2015-07-31 00:35:07 +0000 |
|---|---|---|
| committer | Doug Hogan <doug@cvs.openbsd.org> | 2015-07-31 00:35:07 +0000 |
| commit | 7a8cd58f68a937ddb56162d7c0f31ab797c69d8a (patch) | |
| tree | 65ed47917cd44a0b8c90ff54fdff2c86249e33c6 /lib | |
| parent | 767e654bceceda3af78edd6ddb2f19d41eb51697 (diff) | |
Fix SRTP parsing.
jsing@ noticed that during the CBS conversion, an extra CBS_len
comparison was introduced. It should be 0 after extracting MKI.
ok jsing@ bcook@ deraadt@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/d1_srtp.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/libssl/d1_srtp.c b/lib/libssl/d1_srtp.c index 2974691e3c6..45ce5b8d3eb 100644 --- a/lib/libssl/d1_srtp.c +++ b/lib/libssl/d1_srtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srtp.c,v 1.14 2015/07/17 17:36:24 doug Exp $ */ +/* $OpenBSD: d1_srtp.c,v 1.15 2015/07/31 00:35:06 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -313,8 +313,7 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len, CBS_init(&cbs, d, len); /* Pull off the cipher suite list */ if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) || - CBS_len(&ciphers) % 2 || - CBS_len(&cbs) != 0) { + CBS_len(&ciphers) % 2) { SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); *al = SSL_AD_DECODE_ERROR; |