ssl_cipher_process_rulestr: don't read outside rule_str buffer

If rule_str ended in a "-", "l" was incremented one byte past the
end of the buffer.  This resulted in an out-of-bounds read when "l"
is dereferenced at the end of the loop.  It is safest to just return
early in this case since the condition occurs inside a nested loop.

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19166)
Todd C. Miller 2022-10-24 08:00:48 -06:00 committed by Tomas Mraz
parent e251e7ba1c
commit 428511ca66

@ -1062,9 +1062,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* alphanumeric, so we call this an error.
*/
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_COMMAND);
retval = found = 0;
l++;
break;
return 0;
}
if (rule == CIPHER_SPECIAL) {
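
Review bot: the early `return 0;` after `ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_COMMAND);` skips everything that follows the enclosing loops, where the `retval = found = 0; l++; break;` path fell through to it. The hunk does not show the rest of the function, so please confirm that nothing held at this point needs to be released or reset on the way out. The comment above `ERR_raise` could also say that the return is deliberate because `l` may already be at the end of `rule_str`, so a later edit does not reintroduce the increment. A regression test that passes a rule string ending in "-" would pin the fix.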