Reduce casting nastiness.
authorBen Laurie <ben@links.org>
Sat, 5 Jul 2014 13:59:33 +0000 (14:59 +0100)
committerBen Laurie <ben@links.org>
Sat, 5 Jul 2014 14:00:53 +0000 (15:00 +0100)
ssl/s3_pkt.c
ssl/ssl.h
ssl/ssl_err.c

index 2439925..dab2bd7 100644 (file)
@@ -643,6 +643,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 #endif
        SSL3_BUFFER *wb=&(s->s3->wbuf);
        int i;
+       unsigned int u_len = (unsigned int)len;
+
+       if (len < 0)
+               {
+               SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_NEGATIVE_LENGTH);
+               return -1;
+               }
 
        s->rwstate=SSL_NOTHING;
        OPENSSL_assert(s->s3->wnum <= INT_MAX);
@@ -697,7 +704,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
         * compromise is considered worthy.
         */
        if (type==SSL3_RT_APPLICATION_DATA &&
-           len >= 4*(int)(max_send_fragment=s->max_send_fragment) &&
+           u_len >= 4*(max_send_fragment=s->max_send_fragment) &&
            s->compress==NULL && s->msg_callback==NULL &&
            !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
            EVP_CIPHER_flags(s->enc_write_ctx->cipher)&EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
@@ -718,7 +725,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                                        EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
                                        max_send_fragment,NULL);
 
-                       if (len>=8*(int)max_send_fragment)      packlen *= 8;
+                       if (u_len >= 8*max_send_fragment)       packlen *= 8;
                        else                            packlen *= 4;
 
                        wb->buf=OPENSSL_malloc(packlen);
index c434b86..d44a9d5 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -3057,6 +3057,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION        228
 #define SSL_R_SSL_HANDSHAKE_FAILURE                     229
 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                230
+#define SSL_R_SSL_NEGATIVE_LENGTH                       372
 #define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED            301
 #define SSL_R_SSL_SESSION_ID_CONFLICT                   302
 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG           273
index 258d408..70a2a73 100644 (file)
@@ -551,6 +551,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
 {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
 {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
+{ERR_REASON(SSL_R_SSL_NEGATIVE_LENGTH)   ,"ssl negative length"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
 {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},