From: Kurt Cancemi Date: Wed, 4 Jun 2014 07:59:58 +0000 (-0400) Subject: Fix off-by-one errors in ssl_cipher_get_evp() X-Git-Tag: OpenSSL_1_0_0n~73 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7e98378d155263bebbea3b3c13c1b6a780c8a6d3;p=oweals%2Fopenssl.git Fix off-by-one errors in ssl_cipher_get_evp() In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays. PR#3375 --- diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 54ba7ef5b4..704854be91 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -531,7 +531,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, break; } - if ((i < 0) || (i > SSL_ENC_NUM_IDX)) + if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) *enc=NULL; else { @@ -559,7 +559,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, i= -1; break; } - if ((i < 0) || (i > SSL_MD_NUM_IDX)) + if ((i < 0) || (i >= SSL_MD_NUM_IDX)) { *md=NULL; if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;