From: Kurt Cancemi <kurt@x64Architecture.com>
Date: Thu, 12 Jun 2014 20:25:07 +0000 (+0100)
Subject:     Fix off-by-one errors in ssl_cipher_get_evp()
X-Git-Tag: OpenSSL_0_9_8zb~59
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=def1490717c091c6ef669da9fc5ea4c8b2a4d776;p=oweals%2Fopenssl.git

Fix off-by-one errors in ssl_cipher_get_evp()

    In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

    PR#3375
---

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index a54c06ffb7..c16ba15188 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -390,7 +390,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 		break;
 		}
 
-	if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+	if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
 		*enc=NULL;
 	else
 		{
@@ -412,7 +412,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 		i= -1;
 		break;
 		}
-	if ((i < 0) || (i > SSL_MD_NUM_IDX))
+	if ((i < 0) || (i >= SSL_MD_NUM_IDX))
 		*md=NULL;
 	else
 		*md=ssl_digest_methods[i];