author: Peter Wu <peter@lekensteyn.nl> 2017-02-02 12:11:10 +0100
committer: Matt Caswell <matt@openssl.org> 2017-02-09 10:48:46 +0100
commit: 6d047e06e67cd1f6d83a52b83643e96b4cdbfb51
tree: 236b80510a9b6fb8a0a1ecb5d2a48b7e7c6823c0 /apps/s_cb.c
parent: Because our test sid file contains EC, don't try it when configured no-ec
SSL_get_shared_sigalgs: handle negative idx parameter
When idx is negative (as is the case with do_print_sigalgs in apps/s_cb.c), AddressSanitizer complains about a buffer overflow (read). Even if the pointer is not dereferenced, this is undefined behavior.

Change the user not to use "-1" as index since the function is documented to return 0 on out-of-range values.

Tested with `openssl s_server` and `curl -k https://localhost:4433`.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2349)
Diffstat (limited to 'apps/s_cb.c')
-rw-r--r-- apps/s_cb.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 550969d704..e0d432dc75 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -239,7 +239,7 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared)
int i, nsig, client;
client = SSL_is_server(s) ? 0 : 1;
if (shared)
- nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
+ nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL);
else
nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
if (nsig == 0)
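Review bot: In the else branch of do_print_sigalgs, SSL_get_sigalgs is still called with idx -1 while the shared branch now passes 0, and nothing in the hunk explains why the two count queries differ. Since the commit message describes a negative idx as triggering an out-of-bounds read in SSL_get_shared_sigalgs, please either confirm that SSL_get_sigalgs treats a negative index as a pure count request or change it to 0 as well, and add a one-line comment saying the index is passed only to obtain the count. The existing `if (nsig == 0)` check already covers the case where index 0 is out of range because no shared algorithms exist, so no extra handling is needed for the new call.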