Fix off-by-one errors in ssl_cipher_get_evp()
authorKurt Cancemi <kurt@x64Architecture.com>
Thu, 12 Jun 2014 20:25:07 +0000 (21:25 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 12 Jun 2014 20:25:07 +0000 (21:25 +0100)
    In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

    PR#3375

ssl/ssl_ciph.c

index a54c06ffb7d3e92e12c4382cbc3eb572e1da5155..c16ba1518894bfd000550dae8f729752eba09486 100644 (file)
@@ -390,7 +390,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                break;
                }
 
-       if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+       if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
                *enc=NULL;
        else
                {
@@ -412,7 +412,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                i= -1;
                break;
                }
-       if ((i < 0) || (i > SSL_MD_NUM_IDX))
+       if ((i < 0) || (i >= SSL_MD_NUM_IDX))
                *md=NULL;
        else
                *md=ssl_digest_methods[i];