diff options
author | Miod Vallat <miod@openbsd.org> | 2014-06-04 03:59:58 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2014-06-22 23:14:19 +0100 |
commit | 2841d6ca9f87c2aeb318e6957038864119770e3a (patch) | |
tree | ebd5c589835f101cd7b975a5578774594c1d45fc /ssl | |
parent | cf1b08cdd7005a7e8f8935872a09da5f91d64557 (diff) | |
download | openssl-2841d6ca9f87c2aeb318e6957038864119770e3a.zip openssl-2841d6ca9f87c2aeb318e6957038864119770e3a.tar.gz openssl-2841d6ca9f87c2aeb318e6957038864119770e3a.tar.bz2 |
Fix off-by-one errors in ssl_cipher_get_evp()
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.
Bug discovered and fixed by Miod Vallat from the OpenBSD team.
PR#3375
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_ciph.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 0f03b06..ad9b762 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -582,7 +582,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, break; } - if ((i < 0) || (i > SSL_ENC_NUM_IDX)) + if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) *enc=NULL; else { @@ -616,7 +616,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, i= -1; break; } - if ((i < 0) || (i > SSL_MD_NUM_IDX)) + if ((i < 0) || (i >= SSL_MD_NUM_IDX)) { *md=NULL; if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef; |