From e697a4c3d7d2267e9d82d88dbfa5084475794cb3 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Wed, 15 Apr 2015 14:18:55 +0200 Subject: [PATCH] Error out immediately on empty ciphers list. A 0-length ciphers list is never permitted. The old code only used to reject an empty ciphers list for connections with a session ID. It would later error out on a NULL structure, so this change just moves the alert closer to the problem source. Reviewed-by: Rich Salz (cherry picked from commit 3ae91cfb327c9ed689b9aaf7bca01a3f5a0657cb) --- ssl/s3_srvr.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 00bc757b2b..2e7cb7a327 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1125,8 +1125,8 @@ int ssl3_get_client_hello(SSL *s) goto f_err; } n2s(p, i); - if ((i == 0) && (j != 0)) { - /* we need a cipher if we are not resuming a session */ + + if (i == 0) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED); goto f_err; @@ -1139,14 +1139,13 @@ int ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); goto f_err; } - if ((i > 0) && (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) - == NULL)) { + if (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL) { goto err; } p += i; /* If it is a hit, check that the cipher is in the list */ - if ((s->hit) && (i > 0)) { + if (s->hit) { j = 0; id = s->session->cipher->id; @@ -1375,8 +1374,8 @@ int ssl3_get_client_hello(SSL *s) sk_SSL_CIPHER_free(s->session->ciphers); s->session->ciphers = ciphers; if (ciphers == NULL) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_PASSED); + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto f_err; } ciphers = NULL; -- 2.25.1