Fix some more memory leaks with TXT_DB_insert.

[oweals/openssl.git] / ssl / ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 6957bda7850987907340b348bf1ad03e9a84cd7e..92b022b7cb98f561d441f5271367bc2e6833523d 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -235,8 +235,7 @@ static const SSL_CIPHER cipher_aliases[] = {
      * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
      * ALL!)
      */
-    {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
-     SSL_EXP_MASK, 0, 0, 0},
+    {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
 
     /*
      * key exchange aliases (some of those using only a single bit here
@@ -1030,10 +1029,6 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
             if (cipher_id && cipher_id != cp->id)
                 continue;
 #endif
-            if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
-                goto ok;
-            if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
-                goto ok;
             if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
                 continue;
             if (alg_auth && !(alg_auth & cp->algorithm_auth))
@@ -1050,10 +1045,11 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
             if ((algo_strength & SSL_STRONG_MASK)
                 && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
                 continue;
+            if ((algo_strength & SSL_NOT_DEFAULT)
+                && !(cp->algo_strength & SSL_NOT_DEFAULT))
+                continue;
         }
 
-    ok:
-
 #ifdef CIPHER_DEBUG
         fprintf(stderr, "Action = %d\n", rule);
 #endif
@@ -1337,6 +1333,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         ca_list[j]->algo_strength & SSL_STRONG_MASK;
             }
 
+            if (ca_list[j]->algo_strength & SSL_NOT_DEFAULT) {
+                algo_strength |= SSL_NOT_DEFAULT;
+            }
+
             if (ca_list[j]->valid) {
                 /*
                  * explicit ciphersuite found; its protocol version does not
@@ -1932,17 +1932,27 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
 }
 
 #ifdef OPENSSL_NO_COMP
-void *SSL_COMP_get_compression_methods(void)
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+{
+    return NULL;
+}
+
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                      *meths)
 {
     return NULL;
 }
 
-int SSL_COMP_add_compression_method(int id, void *cm)
+void SSL_COMP_free_compression_methods(void)
+{
+}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
 {
     return 1;
 }
 
-const char *SSL_COMP_get_name(const void *comp)
+const char *SSL_COMP_get_name(const COMP_METHOD *comp)
 {
     return NULL;
 }
@@ -1991,11 +2001,16 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
     if (id < 193 || id > 255) {
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
                SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
-        return 0;
+        return 1;
     }
 
     MemCheck_off();
     comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+    if (comp == NULL) {
+        MemCheck_on();
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
+        return 1;
+    }
     comp->id = id;
     comp->method = cm;
     load_builtin_compressions();