From fae11ec714ac8e71d95e824d7102ab5b2ec2e256 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Tue, 15 Sep 2015 21:26:32 +0200 Subject: [PATCH] Fix return values when adding serverinfo fails. Reviewed-by: Rich Salz MR #1128 --- ssl/ssl_rsa.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 6772441d10..f23137cd8a 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -747,31 +747,31 @@ static int serverinfo_find_extension(const unsigned char *serverinfo, *extension_data = NULL; *extension_length = 0; if (serverinfo == NULL || serverinfo_length == 0) - return 0; + return -1; for (;;) { unsigned int type = 0; size_t len = 0; /* end of serverinfo */ if (serverinfo_length == 0) - return -1; /* Extension not found */ + return 0; /* Extension not found */ /* read 2-byte type field */ if (serverinfo_length < 2) - return 0; /* Error */ + return -1; /* Error */ type = (serverinfo[0] << 8) + serverinfo[1]; serverinfo += 2; serverinfo_length -= 2; /* read 2-byte len field */ if (serverinfo_length < 2) - return 0; /* Error */ + return -1; /* Error */ len = (serverinfo[0] << 8) + serverinfo[1]; serverinfo += 2; serverinfo_length -= 2; if (len > serverinfo_length) - return 0; /* Error */ + return -1; /* Error */ if (type == extension_type) { *extension_data = serverinfo; @@ -811,10 +811,12 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type, /* Find the relevant extension from the serverinfo */ int retval = serverinfo_find_extension(serverinfo, serverinfo_length, ext_type, out, outlen); + if (retval == -1) { + *al = SSL_AD_DECODE_ERROR; + return -1; /* Error */ + } if (retval == 0) - return 0; /* Error */ - if (retval == -1) - return -1; /* No extension found, don't send extension */ + return 0; /* No extension found, don't send extension */ return 1; /* Send extension */ } return -1; /* No serverinfo data found, don't send -- 2.25.1