Fix off-by-one errors in ssl_cipher_get_evp()
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays. Bug discovered and fixed by Miod Vallat from the OpenBSD team. PR#3375
This commit is contained in:
parent
00f5ee445b
commit
d15f2d98ef
1 changed files with 2 additions and 2 deletions
|
@ -563,7 +563,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
|
|||
break;
|
||||
}
|
||||
|
||||
if ((i < 0) || (i > SSL_ENC_NUM_IDX))
|
||||
if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
|
||||
*enc=NULL;
|
||||
else
|
||||
{
|
||||
|
@ -597,7 +597,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
|
|||
i= -1;
|
||||
break;
|
||||
}
|
||||
if ((i < 0) || (i > SSL_MD_NUM_IDX))
|
||||
if ((i < 0) || (i >= SSL_MD_NUM_IDX))
|
||||
{
|
||||
*md=NULL;
|
||||
if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
|
||||
|
|
Loading…
Reference in a new issue