Change functions to pass in a limit rather than calculate it

Some extension handling functions were passing in a pointer to the start of the data, plus the length in order to calculate the end, rather than just passing in the end to start with. This change makes things a little more readable. Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-10-05 14:12:05 +01:00 · 2015-10-05 14:12:05 +01:00 · 61dfe3a720
commit 61dfe3a720
parent 184718baab
3 changed files with 20 additions and 20 deletions
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@ -1231,7 +1231,7 @@ int ssl3_get_client_hello(SSL *s)
 #ifndef OPENSSL_NO_TLSEXT
    /* TLS extensions */
    if (s->version >= SSL3_VERSION) {
-        if (!ssl_parse_clienthello_tlsext(s, &p, d, n)) {
+        if (!ssl_parse_clienthello_tlsext(s, &p, d + n)) {
            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
            goto err;
        }
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -1366,7 +1366,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
                                          unsigned char *limit, int *al);
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
-                                 unsigned char *d, int n);
+                                 unsigned char *limit);
 int tls1_set_server_sigalgs(SSL *s);
 int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -1837,7 +1837,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
 * 10.8..10.8.3 (which don't work).
 */
 static void ssl_check_for_safari(SSL *s, const unsigned char *data,
-                                 const unsigned char *d, int n)
+                                 const unsigned char *limit)
 {
    unsigned short type, size;
    static const unsigned char kSafariExtensionsBlock[] = {
@ -1866,11 +1866,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
        0x02, 0x03,             /* SHA-1/ECDSA */
    };

-    if (data >= (d + n - 2))
+    if (data >= (limit - 2))
        return;
    data += 2;

-    if (data > (d + n - 4))
+    if (data > (limit - 4))
        return;
    n2s(data, type);
    n2s(data, size);
@ -1878,7 +1878,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
    if (type != TLSEXT_TYPE_server_name)
        return;

-    if (data + size > d + n)
+    if (data + size > limit)
        return;
    data += size;

@ -1886,7 +1886,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
        const size_t len1 = sizeof(kSafariExtensionsBlock);
        const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);

-        if (data + len1 + len2 != d + n)
+        if (data + len1 + len2 != limit)
            return;
        if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
            return;
@ -1895,7 +1895,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
    } else {
        const size_t len = sizeof(kSafariExtensionsBlock);

-        if (data + len != d + n)
+        if (data + len != limit)
            return;
        if (memcmp(data, kSafariExtensionsBlock, len) != 0)
            return;
@ -1974,7 +1974,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
 }

 static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
-                                       unsigned char *d, int n, int *al)
+                                       unsigned char *limit, int *al)
 {
    unsigned short type;
    unsigned short size;
@ -1999,7 +1999,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,

 # ifndef OPENSSL_NO_EC
    if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
-        ssl_check_for_safari(s, data, d, n);
+        ssl_check_for_safari(s, data, limit);
 # endif                         /* !OPENSSL_NO_EC */

    /* Clear any signature algorithms extension received */
@ -2016,22 +2016,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,

    s->srtp_profile = NULL;

-    if (data == d + n)
+    if (data == limit)
        goto ri_check;

-    if (data > (d + n - 2))
+    if (data > (limit - 2))
        goto err;

    n2s(data, len);

-    if (data + len != d + n)
+    if (data + len != limit)
        goto err;

-    while (data <= (d + n - 4)) {
+    while (data <= (limit - 4)) {
        n2s(data, type);
        n2s(data, size);

-        if (data + size > (d + n))
+        if (data + size > (limit))
            goto err;
 # if 0
        fprintf(stderr, "Received extension type %d size %d\n", type, size);
@ -2405,7 +2405,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
    }

    /* Spurious data on the end */
-    if (data != d + n)
+    if (data != limit)
        goto err;

    *p = data;
@ -2465,8 +2465,8 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
    return 1;
 }

-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
-                                 int n)
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p,
+                                 unsigned char *limit)
 {
    int al = -1;
    unsigned char *ptmp = *p;
@ -2476,7 +2476,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
     * switch the parent context using SSL_set_SSL_CTX and custom extensions
     * need to be handled by the new SSL_CTX structure.
     */
-    if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0) {
+    if (ssl_scan_clienthello_tlsext(s, p, limit, &al) <= 0) {
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
        return 0;
    }
@ -2487,7 +2487,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
    }

    custom_ext_init(&s->cert->srv_ext);
-    if (ssl_scan_clienthello_custom_tlsext(s, ptmp, d + n, &al) <= 0) {
+    if (ssl_scan_clienthello_custom_tlsext(s, ptmp, limit, &al) <= 0) {
        ssl3_send_alert(s, SSL3_AL_FATAL, al);
        return 0;
    }