From: Matt Caswell <matt@openssl.org>
Date: Tue, 28 Apr 2015 14:19:50 +0000 (+0100)
Subject: Sanity check the return from final_finish_mac
X-Git-Tag: OpenSSL_1_1_0-pre1~1235
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c427570e5098e120cbcb66e799f85c317aac7b91;p=oweals%2Fopenssl.git

Sanity check the return from final_finish_mac

The return value is checked for 0. This is currently safe but we should
really check for <= 0 since -1 is frequently used for error conditions.
Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
---

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index d0cb763b8d..bf5e8c7c2d 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -168,7 +168,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
         i = s->method->ssl3_enc->final_finish_mac(s,
                                                   sender, slen,
                                                   s->s3->tmp.finish_md);
-        if (i == 0)
+        if (i <= 0)
             return 0;
         s->s3->tmp.finish_md_len = i;
         memcpy(p, s->s3->tmp.finish_md, i);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 8b4c6150ef..9ae1a0711b 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2073,7 +2073,6 @@ void dtls1_set_message_header(SSL *s,
 __owur int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
 
 __owur int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
-__owur int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 __owur int dtls1_read_failed(SSL *s, int code);
 __owur int dtls1_buffer_message(SSL *s, int ccs);
 __owur int dtls1_retransmit_message(SSL *s, unsigned short seq,