Sanity check the return from final_finish_mac
authorMatt Caswell <matt@openssl.org>
Tue, 28 Apr 2015 14:19:50 +0000 (15:19 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 30 Apr 2015 22:27:05 +0000 (23:27 +0100)
The return value is checked for 0. This is currently safe but we should
really check for <= 0 since -1 is frequently used for error conditions.
Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit c427570e5098e120cbcb66e799f85c317aac7b91)

Conflicts:
ssl/ssl_locl.h

Conflicts:
ssl/ssl_locl.h

ssl/s3_both.c

index 77374f4..107b460 100644 (file)
@@ -169,7 +169,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
         i = s->method->ssl3_enc->final_finish_mac(s,
                                                   sender, slen,
                                                   s->s3->tmp.finish_md);
-        if (i == 0)
+        if (i <= 0)
             return 0;
         s->s3->tmp.finish_md_len = i;
         memcpy(p, s->s3->tmp.finish_md, i);