Adds multiple checks to avoid buffer over reads
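--- a/ssl/ssl_mcnf.c
+++ b/ssl/ssl_mcnf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -125,6 +125,7 @@ static const struct ssl_conf_name *ssl_name_find(const char *name)
 {
     size_t i;
     const struct ssl_conf_name *nm;
+
     if (name == NULL)
         return NULL;
     for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
@@ -134,7 +135,7 @@ static const struct ssl_conf_name *ssl_name_find(const char *name)
     return NULL;
 }
-static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
+static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
 {
     SSL_CONF_CTX *cctx = NULL;
     size_t i;
@@ -143,21 +144,28 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
     const SSL_METHOD *meth;
     const struct ssl_conf_name *nm;
     struct ssl_conf_cmd *cmd;
+
     if (s == NULL && ctx == NULL) {
         SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER);
         goto err;
     }
+
+    if (name == NULL && system)
+        name = "system_default";
     nm = ssl_name_find(name);
     if (nm == NULL) {
-        SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
-        ERR_add_error_data(2, "name=", name);
+        if (!system) {
+            SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
+            ERR_add_error_data(2, "name=", name);
+        }
         goto err;
     }
     cctx = SSL_CONF_CTX_new();
     if (cctx == NULL)
         goto err;
     flags = SSL_CONF_FLAG_FILE;
-    flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
+    if (!system)
+        flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
     if (s != NULL) {
         meth = s->method;
         SSL_CONF_CTX_set_ssl(cctx, s);
@@ -190,10 +198,15 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name)
 int SSL_config(SSL *s, const char *name)
 {
-    return ssl_do_config(s, NULL, name);
+    return ssl_do_config(s, NULL, name, 0);
 }
 int SSL_CTX_config(SSL_CTX *ctx, const char *name)
 {
-    return ssl_do_config(NULL, ctx, name);
+    return ssl_do_config(NULL, ctx, name, 0);
+}
+
+void ssl_ctx_system_config(SSL_CTX *ctx)
+{
+    ssl_do_config(NULL, ctx, NULL, 1);
 }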
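Review bot: The new `ssl_ctx_system_config` discards the return value of `ssl_do_config`, and the only failure the `system` path deliberately silences is a missing "system_default" section; a command inside an existing section that fails still raises its error in the loop (outside this hunk) and returns 0, which this wrapper drops, so the caller would see a stale entry on the error queue with no indication of why. Either the caller is expected to tolerate that or the intent should be stated; a header comment such as `/* Apply the "system_default" config section to ctx, if one exists. A missing section is not an error; any other failure is left on the error queue and the result is discarded. */` would make the contract explicit. The new `int system` parameter of `ssl_do_config` also deserves a one-line comment at the signature, e.g. `/* system: nonzero when applying the implicit "system_default" section, in which case a missing section is silent and certificate flags are not set */`. `ssl_do_config`'s body continues outside the hunk, and the non-static `ssl_ctx_system_config` presumably needs a prototype in an internal header that this diff does not show.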