Handle the unlikely event that BIO_get_mem_data() returns -ve.
authorBen Laurie <ben@openssl.org>
Sat, 27 Dec 2008 02:00:38 +0000 (02:00 +0000)
committerBen Laurie <ben@openssl.org>
Sat, 27 Dec 2008 02:00:38 +0000 (02:00 +0000)
ssl/s3_clnt.c
ssl/s3_enc.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl_err.c
ssl/ssl_locl.h
ssl/t1_enc.c

index 5cea73c..af97a7e 100644 (file)
@@ -871,7 +871,8 @@ int ssl3_get_server_hello(SSL *s)
                        }
                }
        s->s3->tmp.new_cipher=c;
-       ssl3_digest_cached_records(s);
+       if (!ssl3_digest_cached_records(s))
+               goto f_err;
 
        /* lets get the compression algorithm */
        /* COMPRESSION */
index a7943ab..8e484d3 100644 (file)
@@ -580,37 +580,47 @@ void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
                        }
                }       
        }
-void ssl3_digest_cached_records(SSL *s)
+
+int ssl3_digest_cached_records(SSL *s)
        {
-               int i;
-               long mask;
-               const EVP_MD *md;
-               long hdatalen;
-               void *hdata;
-               /* Allocate handshake_dgst array */
-               ssl3_free_digest_list(s);
-               s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
-               memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
-               hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
-               /* Loop through bitso of algorithm2 field and create MD_CTX-es */
-               for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) 
+       int i;
+       long mask;
+       const EVP_MD *md;
+       long hdatalen;
+       void *hdata;
+
+       /* Allocate handshake_dgst array */
+       ssl3_free_digest_list(s);
+       s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
+       memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
+       hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
+       if (hdatalen <= 0)
+               {
+               SSLerr(SSL_F_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
+               return 0;
+               }
+
+       /* Loop through bitso of algorithm2 field and create MD_CTX-es */
+       for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) 
+               {
+               if ((mask & s->s3->tmp.new_cipher->algorithm2) && md) 
                        {
-                               if ((mask & s->s3->tmp.new_cipher->algorithm2) && md) 
-                               {
-                                       s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
-                                       EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
-                                       EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
-                               } 
-                               else 
-                               {       
-                                       s->s3->handshake_dgst[i]=NULL;
-                               }
+                       s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
+                       EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
+                       EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
+                       } 
+               else 
+                       {       
+                       s->s3->handshake_dgst[i]=NULL;
                        }
-               /* Free handshake_buffer BIO */
-               BIO_free(s->s3->handshake_buffer);
-               s->s3->handshake_buffer = NULL;
+               }
+       /* Free handshake_buffer BIO */
+       BIO_free(s->s3->handshake_buffer);
+       s->s3->handshake_buffer = NULL;
 
+       return 1;
        }
+
 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
        {
        return(ssl3_handshake_mac(s,md_nid,NULL,0,p));
@@ -632,8 +642,10 @@ static int ssl3_handshake_mac(SSL *s, int md_nid,
        unsigned int i;
        unsigned char md_buf[EVP_MAX_MD_SIZE];
        EVP_MD_CTX ctx,*d=NULL;
+
        if (s->s3->handshake_buffer) 
-               ssl3_digest_cached_records(s);
+               if (!ssl3_digest_cached_records(s))
+                       return 0;
 
        /* Search for djgest of specified type  in the handshake_dgst
         * array*/
index 876d0ca..5cc3a19 100644 (file)
@@ -531,7 +531,8 @@ int ssl3_accept(SSL *s)
                                 * should be generalized. But it is next step
                                 */
                                if (s->s3->handshake_buffer)
-                                       ssl3_digest_cached_records(s);
+                                       if (!ssl3_digest_cached_records(s))
+                                               return -1;
                                for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)    
                                        if (s->s3->handshake_dgst[dgst_num]) 
                                                {
@@ -1158,7 +1159,8 @@ int ssl3_get_client_hello(SSL *s)
                s->s3->tmp.new_cipher=s->session->cipher;
                }
 
-       ssl3_digest_cached_records(s);
+       if (!ssl3_digest_cached_records(s))
+               goto f_err;
        
        /* we now have the following setup. 
         * client_random
index e43b5c2..64173af 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1784,6 +1784,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_CLIENT_HELLO                              101
 #define SSL_F_CLIENT_MASTER_KEY                                 102
 #define SSL_F_D2I_SSL_SESSION                           103
+#define SSL_F_DIGEST_CACHED_RECORDS                     293
 #define SSL_F_DO_DTLS1_WRITE                            245
 #define SSL_F_DO_SSL3_WRITE                             104
 #define SSL_F_DTLS1_ACCEPT                              246
@@ -1945,6 +1946,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_SET_RFD                               194
 #define SSL_F_SSL_SET_SESSION                           195
 #define SSL_F_SSL_SET_SESSION_ID_CONTEXT                218
+#define SSL_F_SSL_SET_SESSION_TICKET_EXT                294
 #define SSL_F_SSL_SET_TRUST                             228
 #define SSL_F_SSL_SET_WFD                               196
 #define SSL_F_SSL_SHUTDOWN                              224
@@ -1972,7 +1974,6 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_TLS1_PRF                                  284
 #define SSL_F_TLS1_SETUP_KEY_BLOCK                      211
 #define SSL_F_WRITE_PENDING                             212
-#define SSL_F_SSL_SET_SESSION_TICKET_EXT                213
 
 /* Reason codes. */
 #define SSL_R_APP_DATA_IN_HANDSHAKE                     100
@@ -1991,6 +1992,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_BAD_ECC_CERT                              304
 #define SSL_R_BAD_ECDSA_SIGNATURE                       305
 #define SSL_R_BAD_ECPOINT                               306
+#define SSL_R_BAD_HANDSHAKE_LENGTH                      332
 #define SSL_R_BAD_HELLO_REQUEST                                 105
 #define SSL_R_BAD_LENGTH                                271
 #define SSL_R_BAD_MAC_DECODE                            113
index 817b67e..7879a31 100644 (file)
@@ -75,6 +75,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
 {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY),    "CLIENT_MASTER_KEY"},
 {ERR_FUNC(SSL_F_D2I_SSL_SESSION),      "d2i_SSL_SESSION"},
+{ERR_FUNC(SSL_F_DIGEST_CACHED_RECORDS),        "DIGEST_CACHED_RECORDS"},
 {ERR_FUNC(SSL_F_DO_DTLS1_WRITE),       "DO_DTLS1_WRITE"},
 {ERR_FUNC(SSL_F_DO_SSL3_WRITE),        "DO_SSL3_WRITE"},
 {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
@@ -236,6 +237,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_SET_RFD),  "SSL_set_rfd"},
 {ERR_FUNC(SSL_F_SSL_SET_SESSION),      "SSL_set_session"},
 {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),   "SSL_set_session_id_context"},
+{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),   "SSL_set_session_ticket_ext"},
 {ERR_FUNC(SSL_F_SSL_SET_TRUST),        "SSL_set_trust"},
 {ERR_FUNC(SSL_F_SSL_SET_WFD),  "SSL_set_wfd"},
 {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
@@ -263,7 +265,6 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_TLS1_PRF),     "tls1_prf"},
 {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
 {ERR_FUNC(SSL_F_WRITE_PENDING),        "WRITE_PENDING"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
 {0,NULL}
        };
 
@@ -285,6 +286,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_BAD_ECC_CERT)          ,"bad ecc cert"},
 {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE)   ,"bad ecdsa signature"},
 {ERR_REASON(SSL_R_BAD_ECPOINT)           ,"bad ecpoint"},
+{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH)  ,"bad handshake length"},
 {ERR_REASON(SSL_R_BAD_HELLO_REQUEST)     ,"bad hello request"},
 {ERR_REASON(SSL_R_BAD_LENGTH)            ,"bad length"},
 {ERR_REASON(SSL_R_BAD_MAC_DECODE)        ,"bad mac decode"},
index 30bd746..9df4be5 100644 (file)
@@ -880,7 +880,7 @@ int ssl3_setup_read_buffer(SSL *s);
 int    ssl3_setup_write_buffer(SSL *s);
 int    ssl3_release_read_buffer(SSL *s);
 int    ssl3_release_write_buffer(SSL *s);
-void ssl3_digest_cached_records(SSL *s);
+int    ssl3_digest_cached_records(SSL *s);
 int    ssl3_new(SSL *s);
 void   ssl3_free(SSL *s);
 int    ssl3_accept(SSL *s);
index 3a34992..4d9a18e 100644 (file)
@@ -749,7 +749,9 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
        int i;
 
        if (s->s3->handshake_buffer) 
-               ssl3_digest_cached_records(s);
+               if (!ssl3_digest_cached_records(s))
+                       return 0;
+
        for (i=0;i<SSL_MAX_DIGEST;i++) 
                {
                  if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) 
@@ -784,10 +786,11 @@ int tls1_final_finish_mac(SSL *s,
 
        q=buf;
 
-       EVP_MD_CTX_init(&ctx);
-
        if (s->s3->handshake_buffer) 
-               ssl3_digest_cached_records(s);
+               if (!ssl3_digest_cached_records(s))
+                       return 0;
+
+       EVP_MD_CTX_init(&ctx);
 
        for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
                {