From 60690b5b8396d7d5234cd067206190fb8aca78d2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 12 Sep 2018 02:31:10 +0200 Subject: [PATCH] ssl/statem: Don't compare size_t with less than zero Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7194) --- ssl/statem/extensions.c | 6 ++++-- ssl/statem/statem_lib.c | 5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 8422161dc1..8d4939d601 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1530,10 +1530,12 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, */ if (s->hello_retry_request == SSL_HRR_PENDING) { size_t hdatalen; + long hdatalen_l; void *hdata; - hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); - if (hdatalen <= 0) { + hdatalen = hdatalen_l = + BIO_get_mem_data(s->s3->handshake_buffer, &hdata); + if (hdatalen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, SSL_R_BAD_HANDSHAKE_LENGTH); goto err; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 508bb88767..e6e61f7876 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -203,9 +203,10 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, *hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen; } else { size_t retlen; + long retlen_l; - retlen = BIO_get_mem_data(s->s3->handshake_buffer, hdata); - if (retlen <= 0) { + retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata); + if (retlen_l <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA, ERR_R_INTERNAL_ERROR); return 0; -- 2.34.1