SSL_get_shared_sigalgs: handle negative idx parameter (6d047e06) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit 6d047e06 authored Feb 02, 2017 by

Peter Wu Committed by Matt Caswell Feb 09, 2017

SSL_get_shared_sigalgs: handle negative idx parameter



When idx is negative (as is the case with do_print_sigalgs in
apps/s_cb.c), AddressSanitizer complains about a buffer overflow (read).
Even if the pointer is not dereferenced, this is undefined behavior.

Change the user not to use "-1" as index since the function is
documented to return 0 on out-of-range values.

Tested with `openssl s_server` and `curl -k https://localhost:4433`.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2349)

parent 68a55f3b

Hide whitespace changes

Inline Side-by-side

Please register or to comment