Give a better error if an attempt is made to set a zero length groups list

Previously we indicated this as a malloc failure which isn't very helpful. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7479) (cherry picked from commit 680bd131b6)
2018-10-26 15:29:15 +01:00 · 2018-10-26 15:29:15 +01:00 · efd67e01a5
commit efd67e01a5
parent f306b9e62a
2 changed files with 7 additions and 0 deletions
--- a/doc/man3/SSL_CTX_set1_curves.pod
+++ b/doc/man3/SSL_CTX_set1_curves.pod
@ -32,6 +32,9 @@ SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve

 =head1 DESCRIPTION

+For all of the functions below that set the supported groups there must be at
+least one group in the list.
+
 SSL_CTX_set1_groups() sets the supported groups for B<ctx> to B<glistlen>
 groups in the array B<glist>. The array consist of all NIDs of groups in
 preference order. For a TLS client the groups are used directly in the
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -343,6 +343,10 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen,
     */
    unsigned long dup_list = 0;

+    if (ngroups == 0) {
+        SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH);
+        return 0;
+    }
    if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) {
        SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE);
        return 0;