Reject empty generation strings.

[openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index d5ac75ac7b21a6a0799ecba1db6bccb0c353d07d..35b4061e89ce1b3fad0c506aea447333849d792c 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -334,7 +334,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
     }
     if (s_debug)
         BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
-                   identity ? (int)strlen(identity) : 0, identity);
+                   (int)strlen(identity), identity);
 
     /* here we could lookup the given identity e.g. from a database */
     if (strcmp(identity, psk_identity) != 0) {
@@ -998,7 +998,7 @@ int MAIN(int argc, char *argv[])
     int off = 0;
     int no_tmp_rsa = 0, no_dhe = 0, nocert = 0;
 #ifndef OPENSSL_NO_ECDH
-    int no_ecdhe;
+    int no_ecdhe = 0;
 #endif
     int state = 0;
     const SSL_METHOD *meth = NULL;
@@ -2642,7 +2642,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 
         /* else we have data */
         if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
-            ((www == 2) && (strncmp("GET /stats ", buf, 10) == 0))) {
+            ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
             char *p;
             X509 *peer;
             STACK_OF(SSL_CIPHER) *sk;
@@ -2916,7 +2916,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
 {
     unsigned int count = 0;
     do {
-        RAND_pseudo_bytes(id, *id_len);
+        if(RAND_pseudo_bytes(id, *id_len) < 0)
+            return 0;
         /*
          * Prefix the session_id with the required prefix. NB: If our prefix
          * is too long, clip it - but there will be worse effects anyway, eg.