Commit 61dfe3a7 authored by Matt Caswell's avatar Matt Caswell
Browse files

Change functions to pass in a limit rather than calculate it 



Some extension handling functions were passing in a pointer to the start
of the data, plus the length in order to calculate the end, rather than
just passing in the end to start with. This change makes things a little
more readable.

Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
parent 184718ba

ssl/s3_srvr.c

+1 −1
Original line number Diff line number Diff line
@@ -1231,7 +1231,7 @@ int ssl3_get_client_hello(SSL *s) 
#ifndef OPENSSL_NO_TLSEXT

    /* TLS extensions */

    if (s->version >= SSL3_VERSION) {

        if (!ssl_parse_clienthello_tlsext(s, &p, d, n)) {

        if (!ssl_parse_clienthello_tlsext(s, &p, d + n)) {

            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);

            goto err;

        }

ssl/ssl_locl.h

+1 −1
Original line number Diff line number Diff line
@@ -1366,7 +1366,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, 
unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,

                                          unsigned char *limit, int *al);

int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,

                                 unsigned char *d, int n);

                                 unsigned char *limit);

int tls1_set_server_sigalgs(SSL *s);

int ssl_check_clienthello_tlsext_late(SSL *s);

int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,

ssl/t1_lib.c

+18 −18
Original line number Diff line number Diff line
@@ -1837,7 +1837,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, 
 * 10.8..10.8.3 (which don't work).

 */

static void ssl_check_for_safari(SSL *s, const unsigned char *data,

                                 const unsigned char *d, int n)

                                 const unsigned char *limit)

{

    unsigned short type, size;

    static const unsigned char kSafariExtensionsBlock[] = {
@@ -1866,11 +1866,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, 
        0x02, 0x03,             /* SHA-1/ECDSA */

    };



    if (data >= (d + n - 2))

    if (data >= (limit - 2))

        return;

    data += 2;



    if (data > (d + n - 4))

    if (data > (limit - 4))

        return;

    n2s(data, type);

    n2s(data, size);
@@ -1878,7 +1878,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, 
    if (type != TLSEXT_TYPE_server_name)

        return;



    if (data + size > d + n)

    if (data + size > limit)

        return;

    data += size;
@@ -1886,7 +1886,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, 
        const size_t len1 = sizeof(kSafariExtensionsBlock);

        const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);



        if (data + len1 + len2 != d + n)

        if (data + len1 + len2 != limit)

            return;

        if (memcmp(data, kSafariExtensionsBlock, len1) != 0)

            return;
@@ -1895,7 +1895,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, 
    } else {

        const size_t len = sizeof(kSafariExtensionsBlock);



        if (data + len != d + n)

        if (data + len != limit)

            return;

        if (memcmp(data, kSafariExtensionsBlock, len) != 0)

            return;
@@ -1974,7 +1974,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, 
}



static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,

                                       unsigned char *d, int n, int *al)

                                       unsigned char *limit, int *al)

{

    unsigned short type;

    unsigned short size;
@@ -1999,7 +1999,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, 


# ifndef OPENSSL_NO_EC

    if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)

        ssl_check_for_safari(s, data, d, n);

        ssl_check_for_safari(s, data, limit);

# endif                         /* !OPENSSL_NO_EC */



    /* Clear any signature algorithms extension received */
@@ -2016,22 +2016,22 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, 


    s->srtp_profile = NULL;



    if (data == d + n)

    if (data == limit)

        goto ri_check;



    if (data > (d + n - 2))

    if (data > (limit - 2))

        goto err;



    n2s(data, len);



    if (data + len != d + n)

    if (data + len != limit)

        goto err;



    while (data <= (d + n - 4)) {

    while (data <= (limit - 4)) {

        n2s(data, type);

        n2s(data, size);



        if (data + size > (d + n))

        if (data + size > (limit))

            goto err;

# if 0

        fprintf(stderr, "Received extension type %d size %d\n", type, size);
@@ -2405,7 +2405,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, 
    }



    /* Spurious data on the end */

    if (data != d + n)

    if (data != limit)

        goto err;



    *p = data;
@@ -2465,8 +2465,8 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s, 
    return 1;

}



int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,

                                 int n)

int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p,

                                 unsigned char *limit)

{

    int al = -1;

    unsigned char *ptmp = *p;
@@ -2476,7 +2476,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, 
     * switch the parent context using SSL_set_SSL_CTX and custom extensions

     * need to be handled by the new SSL_CTX structure.

     */

    if (ssl_scan_clienthello_tlsext(s, p, d, n, &al) <= 0) {

    if (ssl_scan_clienthello_tlsext(s, p, limit, &al) <= 0) {

        ssl3_send_alert(s, SSL3_AL_FATAL, al);

        return 0;

    }
@@ -2487,7 +2487,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, 
    }



    custom_ext_init(&s->cert->srv_ext);

    if (ssl_scan_clienthello_custom_tlsext(s, ptmp, d + n, &al) <= 0) {

    if (ssl_scan_clienthello_custom_tlsext(s, ptmp, limit, &al) <= 0) {

        ssl3_send_alert(s, SSL3_AL_FATAL, al);

        return 0;

    }