properly handle length-zero opaque PRF input values
authorBodo Möller <bodo@openssl.org>
Sun, 23 Sep 2007 11:30:53 +0000 (11:30 +0000)
committerBodo Möller <bodo@openssl.org>
Sun, 23 Sep 2007 11:30:53 +0000 (11:30 +0000)
(which are pointless, but still might occur)

ssl/s3_lib.c
ssl/t1_lib.c

index 476d27a7b29b2b3f62dc2206d8c090c3aa53b294..548eeef6f3556e3e0065115e1e86de6b9cbeda54 100644 (file)
@@ -2369,7 +2369,10 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                        }
                if (s->tlsext_opaque_prf_input != NULL)
                        OPENSSL_free(s->tlsext_opaque_prf_input);
-               s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
+               if ((size_t)larg == 0)
+                       s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+               else
+                       s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
                if (s->tlsext_opaque_prf_input != NULL)
                        {
                        s->tlsext_opaque_prf_input_len = (size_t)larg;
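Review bot: `larg` is a signed `long` that is cast to `size_t` at each of its three uses in this hunk, and none of the visible lines rejects a negative value. A negative `larg` would miss the zero branch and reach `BUF_memdup(parg, (size_t)larg)` as a very large length, and the same value would then be stored in `tlsext_opaque_prf_input_len`. The block that closes on the hunk's first line may already bound `larg`, but it lies outside the hunk, so confirm it covers the lower side as well, for example by extending its condition with `larg < 0 ||`. Converting once into a local after that check (`size_t len = (size_t)larg;`) would also remove the repeated casts.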
index 0c7841402d3f3e55c792ba234b07948aca7c62ac..1aaf8905c8179cae1dad30400a0b9184de3e5727 100644 (file)
@@ -664,8 +664,10 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
                        if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
                                OPENSSL_free(s->s3->client_opaque_prf_input);
-
-                       s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
+                       if (s->s3->client_opaque_prf_input_len == 0)
+                               s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+                       else
+                               s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
                        if (s->s3->client_opaque_prf_input == NULL)
                                {
                                *al = TLS1_AD_INTERNAL_ERROR;
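Review bot: When the allocation fails, `s->s3->client_opaque_prf_input` is NULL but `s->s3->client_opaque_prf_input_len` keeps the value assigned before the hunk, presumably the length taken from the peer's ClientHello; the visible error branch only sets `*al`. Adding `s->s3->client_opaque_prf_input_len = 0;` inside that branch would keep pointer and length consistent for any cleanup or later code that consults the length first. The same applies to `server_opaque_prf_input_len` in the ssl_parse_serverhello_tlsext hunk. The error branch continues past the hunk, so check whether a reset already exists there.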
@@ -777,7 +779,10 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                        
                        if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
                                OPENSSL_free(s->s3->server_opaque_prf_input);
-                       s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
+                       if (s->s3->server_opaque_prf_input_len == 0)
+                               s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+                       else
+                               s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
 
                        if (s->s3->server_opaque_prf_input == NULL)
                                {
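Review bot: The comment `/* dummy byte just to get non-NULL */` does not say why a non-NULL pointer is needed, nor that `OPENSSL_malloc(1)` leaves the byte uninitialized. Here and at the four other copies, a fuller comment would state the invariant, e.g. `/* zero-length input: allocate one byte so that NULL below always means allocation failure; the byte is uninitialized and must never be read */`. It is worth confirming that every consumer of `server_opaque_prf_input` and `client_opaque_prf_input` checks the matching length field before touching the buffer, since that code is not visible in this diff.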
@@ -890,7 +895,10 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
                        if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
                                OPENSSL_free(s->s3->client_opaque_prf_input);
 
-                       s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+                       if (s->tlsext_opaque_prf_input_len == 0)
+                               s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+                       else
+                               s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
                        if (s->s3->client_opaque_prf_input == NULL)
                                {
                                SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
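Review bot: The zero-length special case is now written out five times, once in ssl/s3_lib.c and four times in ssl/t1_lib.c, differing only in source and destination. A later fix can easily change one copy and miss the others. A small helper that returns either the one-byte placeholder or the `BUF_memdup` result would keep the behaviour in one place, leaving each call site with only its own NULL check and error reporting. The helper name below is only a suggestion, and because the copies span two files it would need a declaration both can see rather than `static`.

```c
/* Copy an opaque PRF input. A zero-length input yields a one-byte
 * placeholder (never read) so that NULL always means allocation failure. */
void *opaque_prf_input_dup(const void *data, size_t len)
        {
        if (len == 0)
                return OPENSSL_malloc(1);
        return BUF_memdup(data, len);
        }

/* ... unchanged: free of the previous client_opaque_prf_input ... */
                        s->s3->client_opaque_prf_input = opaque_prf_input_dup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
/* ... unchanged: NULL check and SSLerr ... */
```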
@@ -990,7 +998,10 @@ int ssl_check_clienthello_tlsext(SSL *s)
                                /* can only use this extension if we have a server opaque PRF input
                                 * of the same length as the client opaque PRF input! */
 
-                               s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+                               if (s->tlsext_opaque_prf_input_len == 0)
+                                       s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
+                               else
+                                       s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
                                if (s->s3->server_opaque_prf_input == NULL)
                                        {
                                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;