diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2015-07-15 21:52:03 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2015-07-15 21:52:03 +0000 |
| commit | 65144d104295a1a4e9040f2420adf2337df3ab39 (patch) | |
| tree | 7f85f74f8e0814aa791c0214776e80d99a53795d /lib | |
| parent | 5a6e25a249808a5bfb160e20387b068db3839619 (diff) | |
test for n<0 before use in CBS_init - mostly to shut up coverity.
reluctant ok miod@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/d1_srtp.c | 13 | ||||
| -rw-r--r-- | lib/libssl/s3_both.c | 10 | ||||
| -rw-r--r-- | lib/libssl/s3_clnt.c | 21 |
3 files changed, 33 insertions, 11 deletions
diff --git a/lib/libssl/d1_srtp.c b/lib/libssl/d1_srtp.c index 801eab1b76f..8f05c4abc87 100644 --- a/lib/libssl/d1_srtp.c +++ b/lib/libssl/d1_srtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srtp.c,v 1.12 2015/07/14 03:38:26 doug Exp $ */ +/* $OpenBSD: d1_srtp.c,v 1.13 2015/07/15 21:52:02 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -303,11 +303,16 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len, uint16_t id; CBS cbs, ciphers, mki; - CBS_init(&cbs, d, len); + if (len < 0) { + SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, + SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + *al = SSL_AD_DECODE_ERROR; + goto done; + } + CBS_init(&cbs, d, len); /* Pull off the cipher suite list */ - if (len < 0 || - !CBS_get_u16_length_prefixed(&cbs, &ciphers) || + if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) || CBS_len(&ciphers) % 2 || CBS_len(&cbs) != 0) { SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c index 5db0a116187..a19ce743808 100644 --- a/lib/libssl/s3_both.c +++ b/lib/libssl/s3_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_both.c,v 1.41 2015/07/14 05:41:07 doug Exp $ */ +/* $OpenBSD: s3_both.c,v 1.42 2015/07/15 21:52:02 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -242,9 +242,15 @@ ssl3_get_finished(SSL *s, int a, int b) md_len = s->method->ssl3_enc->finish_mac_length; + if (n < 0) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); + goto f_err; + } + CBS_init(&cbs, s->init_msg, n); - if (n < 0 || s->s3->tmp.peer_finish_md_len != md_len || + if (s->s3->tmp.peer_finish_md_len != md_len || CBS_len(&cbs) != md_len) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 6bc5a8b6221..3f7f3a411d5 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_clnt.c,v 1.117 2015/07/15 18:35:34 beck Exp $ */ +/* $OpenBSD: s3_clnt.c,v 1.118 2015/07/15 21:52:02 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -996,7 +996,6 @@ ssl3_get_server_certificate(SSL *s) goto f_err; } - CBS_init(&cbs, s->init_msg, n); if ((sk = sk_X509_new_null()) == NULL) { SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, @@ -1004,8 +1003,13 @@ ssl3_get_server_certificate(SSL *s) goto err; } - if (n < 0 || CBS_len(&cbs) < 3) + if (n < 0) + goto truncated; + + CBS_init(&cbs, s->init_msg, n); + if (CBS_len(&cbs) < 3) goto truncated; + if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) || CBS_len(&cbs) != 0) { al = SSL_AD_DECODE_ERROR; @@ -1797,9 +1801,16 @@ ssl3_get_cert_status(SSL *s) if (!ok) return ((int)n); - CBS_init(&cert_status, s->init_msg, n); + if (n < 0) { + /* need at least status type + length */ + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_STATUS, + SSL_R_LENGTH_MISMATCH); + goto f_err; + } - if (n < 0 || !CBS_get_u8(&cert_status, &status_type) || + CBS_init(&cert_status, s->init_msg, n); + if (!CBS_get_u8(&cert_status, &status_type) || CBS_len(&cert_status) < 3) { /* need at least status type + length */ al = SSL_AD_DECODE_ERROR; |