Skip to content

Commit b0cbf96

Browse files
dedokphuslu
dedok
authored and
phuslu
committed
Test PACKET_remaing before do memcpy
1 parent ed7c6db commit b0cbf96

File tree

1 file changed

+18
-13
lines changed

1 file changed

+18
-13
lines changed

patches/openssl.openssl-3.4.patch

Lines changed: 18 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -30,10 +30,10 @@ index 8e9b110bb3..3a2407b0e4 100644
3030
# define TLSEXT_TYPE_compress_certificate 27
3131

3232
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
33-
index 295b719ff2..429d710fa2 100644
33+
index 295b719ff2..3d92df0db1 100644
3434
--- a/ssl/ssl_lib.c
3535
+++ b/ssl/ssl_lib.c
36-
@@ -6641,6 +6641,101 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
36+
@@ -6641,6 +6641,106 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
3737
return 0;
3838
}
3939

@@ -59,15 +59,18 @@ index 295b719ff2..429d710fa2 100644
5959
+ *(uint16_t *) ptr = (uint16_t) sc->clienthello->legacy_version;
6060
+ ptr += sizeof(uint16_t);
6161
+
62+
+ /* ciphers */
6263
+ num = PACKET_remaining(&sc->clienthello->ciphersuites);
63-
+ *(uint16_t *) ptr = (uint16_t) num;
64-
+ ptr += sizeof(uint16_t);
64+
+ if (ossl_likely(num > 0)) {
65+
+ *(uint16_t *) ptr = (uint16_t) num;
66+
+ ptr += sizeof(uint16_t);
6567
+
66-
+ if (ossl_unlikely(ptr + num > end))
67-
+ return 0;
68+
+ if (ossl_unlikely(ptr + num > end))
69+
+ return 0;
6870
+
69-
+ memcpy(ptr, PACKET_data(&sc->clienthello->ciphersuites), num);
70-
+ ptr += num;
71+
+ memcpy(ptr, PACKET_data(&sc->clienthello->ciphersuites), num);
72+
+ ptr += num;
73+
+ }
7174
+
7275
+ /* extensions */
7376
+ num = 0;
@@ -99,9 +102,11 @@ index 295b719ff2..429d710fa2 100644
99102
+ }
100103
+
101104
+ ptr += num;
102-
+ /* groups */
103-
+ if (groups) {
104-
+ num = PACKET_remaining(groups);
105+
+
106+
+ /* groups */
107+
+ num = PACKET_remaining(groups);
108+
+ if (groups && num > 0) {
109+
+
105110
+ if (ossl_unlikely((ptr + num + sizeof(uint16_t)) > end))
106111
+ return 0;
107112
+ memcpy(ptr, PACKET_data(groups), num);
@@ -115,8 +120,8 @@ index 295b719ff2..429d710fa2 100644
115120
+ }
116121
+
117122
+ /* formats */
118-
+ if (formats) {
119-
+ num = PACKET_remaining(formats);
123+
+ num = PACKET_remaining(formats);
124+
+ if (formats && num > 0) {
120125
+ if (ossl_unlikely((ptr + num + sizeof(uint8_t)) > end))
121126
+ return 0;
122127
+ memcpy(ptr, PACKET_data(formats), num);

0 commit comments

Comments
 (0)