From: Matt Caswell Date: Mon, 5 Oct 2015 13:12:05 +0000 (+0100) Subject: Change functions to pass in a limit rather than calculate it X-Git-Tag: OpenSSL_1_0_2e~64 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=61dfe3a720b37efe97fa5de23ceadd17ce47518d;p=oweals%2Fopenssl.git Change functions to pass in a limit rather than calculate it Some extension handling functions were passing in a pointer to the start of the data, plus the length in order to calculate the end, rather than just passing in the end to start with. This change makes things a little more readable. Reviewed-by: Emilia Käsper --- diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index acd3b9e964..a355fde047 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1231,7 +1231,7 @@ int ssl3_get_client_hello(SSL *s) #ifndef OPENSSL_NO_TLSEXT /* TLS extensions */ if (s->version >= SSL3_VERSION) { - if (!ssl_parse_clienthello_tlsext(s, &p, d, n)) { + if (!ssl_parse_clienthello_tlsext(s, &p, d + n)) { SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT); goto err; } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 6c2c551e5e..1caf83b8a6 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1366,7 +1366,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al); int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, - unsigned char *d, int n); + unsigned char *limit); int tls1_set_server_sigalgs(SSL *s); int ssl_check_clienthello_tlsext_late(SSL *s); int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 33af933ea9..ba09848360 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1837,7 +1837,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, * 10.8..10.8.3 (which don't work). */ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - const unsigned char *d, int n) + const unsigned char *limit) { unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { @@ -1866,11 +1866,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, 0x02, 0x03, /* SHA-1/ECDSA */ }; - if (data >= (d + n - 2)) + if (data >= (limit - 2)) return; data += 2; - if (data > (d + n - 4)) + if (data > (limit - 4)) return; n2s(data, type); n2s(data, size); @@ -1878,7 +1878,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, if (type != TLSEXT_TYPE_server_name) return; - if (data + size > d + n) + if (data + size > limit) return; data += size; @@ -1886,7 +1886,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const size_t len1 = sizeof(kSafariExtensionsBlock); const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); - if (data + len1 + len2 != d + n) + if (data + len1 + len2 != limit) return; if (memcmp(data, kSafariExtensionsBlock, len1) != 0) return; @@ -1895,7 +1895,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, } else { const size_t len = sizeof(kSafariExtensionsBlock); - if (data + len != d + n) + if (data + len != limit) return; if (memcmp(data, kSafariExtensionsBlock, len) != 0) return; @@ -1974,7 +1974,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, } static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, - unsigned char *d, int n, int *al) + unsigned char *limit, int *al) { unsigned short type; unsigned short size; @@ -1999,7 +1999,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, # ifndef OPENSSL_NO_EC if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) - ssl_check_for_safari(s, data, d, n); + ssl_check_for_safari(s, data, limit); # endif /* !OPENSSL_NO_EC */ /* Clear any signature algorithms extension received */ @@ -2016,22 +2016,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->srtp_profile = NULL; - if (data == d + n) + if (data == limit) goto ri_check; - if (data > (d + n - 2)) + if (data > (limit - 2)) goto err; n2s(data, len); - if (data + len != d + n) + if (data + len != limit) goto err; - while (data <= (d + n - 4)) { + while (data <= (limit - 4)) { n2s(data, type); n2s(data, size); - if (data + size > (d + n)) + if (data + size > (limit)) goto err; # if 0 fprintf(stderr, "Received extension type %d size %d\n", type, size); @@ -2405,7 +2405,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } /* Spurious data on the end */ - if (data != d + n) + if (data != limit) goto err; *p = data; @@ -2465,8 +2465,8 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s, return 1; } -int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, - int n) +int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, + unsigned char *limit) { int al = -1; unsigned char *ptmp = *p; @@ -2476,7 +2476,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, * switch the parent context using SSL_set_SSL_CTX and custom extensions * need to be handled by the new SSL_CTX structure. */ - if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0) { + if (ssl_scan_clienthello_tlsext(s, p, limit, &al) <= 0) { ssl3_send_alert(s, SSL3_AL_FATAL, al); return 0; } @@ -2487,7 +2487,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } custom_ext_init(&s->cert->srv_ext); - if (ssl_scan_clienthello_custom_tlsext(s, ptmp, d + n, &al) <= 0) { + if (ssl_scan_clienthello_custom_tlsext(s, ptmp, limit, &al) <= 0) { ssl3_send_alert(s, SSL3_AL_FATAL, al); return 0; }