fix PACKET_remaining usage

phuslu · phuslu · commit d27041f194e2 · 2025-01-27T01:05:12.000+08:00
diff --git a/patches/openssl.OpenSSL_1_1_1-stable.patch b/patches/openssl.OpenSSL_1_1_1-stable.patch
@@ -1,5 +1,5 @@
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
-index 9af0c899..c77a04cd 100644
+index 9af0c8995e..c77a04cd90 100644
 --- a/include/openssl/ssl.h
 +++ b/include/openssl/ssl.h
 @@ -1818,6 +1818,7 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
@@ -11,7 +11,7 @@ index 9af0c899..c77a04cd 100644
                                const unsigned char **out, size_t *outlen);
  
 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index 76d9fda4..a29114f2 100644
+index 76d9fda46e..a29114f215 100644
 --- a/include/openssl/tls1.h
 +++ b/include/openssl/tls1.h
 @@ -131,6 +131,15 @@ extern "C" {
@@ -31,10 +31,10 @@ index 76d9fda4..a29114f2 100644
  # define TLSEXT_TYPE_session_ticket              35
  
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 47adc321..635b23b3 100644
+index 47adc3211c..be20746b98 100644
 --- a/ssl/ssl_lib.c
 +++ b/ssl/ssl_lib.c
-@@ -5219,6 +5219,95 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+@@ -5219,6 +5219,94 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
      return 0;
  }
  
@@ -74,11 +74,12 @@ index 47adc321..635b23b3 100644
 +    ptr += 2;
 +
 +    /* ciphers */
-+    num = PACKET_remaining(&s->clienthello->ciphersuites);
-+    *(uint16_t*)ptr = (uint16_t)num;
-+    ptr += 2;
-+    memcpy(ptr, PACKET_data(&s->clienthello->ciphersuites), num);
-+    ptr += num;
++    if (num = PACKET_remaining(&s->clienthello->ciphersuites)) {
++        *(uint16_t*)ptr = (uint16_t)num;
++        ptr += 2;
++        memcpy(ptr, PACKET_data(&s->clienthello->ciphersuites), num);
++        ptr += num;
++    }
 +
 +    /* extensions */
 +    num = 0;
@@ -104,19 +105,17 @@ index 47adc321..635b23b3 100644
 +    ptr += num*2;
 +
 +    /* groups */
-+    if (groups) {
-+        num = PACKET_remaining(groups);
++    if (groups && (num = PACKET_remaining(groups))) {
 +        memcpy(ptr, PACKET_data(groups), num);
 +        *(uint16_t*)ptr = (uint16_t)num;
 +        ptr += num;
 +    } else {
-+         *(uint16_t*)ptr = 0;
-+         ptr += 2;
++        *(uint16_t*)ptr = 0;
++        ptr += 2;
 +    }
 +
 +    /* formats */
-+    if (formats) {
-+        num = PACKET_remaining(formats);
++    if (formats && (num = PACKET_remaining(formats))) {
 +        memcpy(ptr, PACKET_data(formats), num);
 +        *ptr = (uint8_t)num;
 +        ptr += num;
@@ -131,7 +130,7 @@ index 47adc321..635b23b3 100644
                         size_t *outlen)
  {
 diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
-index 5c792154..a3038c79 100644
+index 5c79215423..a3038c79ea 100644
 --- a/ssl/ssl_local.h
 +++ b/ssl/ssl_local.h
 @@ -714,6 +714,10 @@ typedef enum tlsext_index_en {
@@ -146,7 +145,7 @@ index 5c792154..a3038c79 100644
      TLSEXT_IDX_psk,
      /* Dummy index - must always be the last entry */
 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
-index 0f39275b..7cb1e622 100644
+index 0f39275baa..7cb1e62287 100644
 --- a/ssl/statem/extensions.c
 +++ b/ssl/statem/extensions.c
 @@ -377,6 +377,38 @@ static const EXTENSION_DEFINITION ext_defs[] = {
diff --git a/patches/openssl.openssl-3.0.patch b/patches/openssl.openssl-3.0.patch
@@ -11,7 +11,7 @@ index 105b4a4a3c..6c7eb4643a 100644
                                const unsigned char **out, size_t *outlen);
  
 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index d6e9331fa1..b62b4e380d 100644
+index 91558fa8d1..b04e6ec4fa 100644
 --- a/include/openssl/tls1.h
 +++ b/include/openssl/tls1.h
 @@ -134,6 +134,15 @@ extern "C" {
@@ -31,10 +31,10 @@ index d6e9331fa1..b62b4e380d 100644
  # define TLSEXT_TYPE_session_ticket              35
  
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 2c8479eb5f..4c62687258 100644
+index e628140dfa..512e5a552c 100644
 --- a/ssl/ssl_lib.c
 +++ b/ssl/ssl_lib.c
-@@ -5463,6 +5463,95 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+@@ -5481,6 +5481,94 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
      return 0;
  }
  
@@ -74,11 +74,12 @@ index 2c8479eb5f..4c62687258 100644
 +    ptr += 2;
 +
 +    /* ciphers */
-+    num = PACKET_remaining(&s->clienthello->ciphersuites);
-+    *(uint16_t*)ptr = (uint16_t)num;
-+    ptr += 2;
-+    memcpy(ptr, PACKET_data(&s->clienthello->ciphersuites), num);
-+    ptr += num;
++    if (num = PACKET_remaining(&s->clienthello->ciphersuites)) {
++        *(uint16_t*)ptr = (uint16_t)num;
++        ptr += 2;
++        memcpy(ptr, PACKET_data(&s->clienthello->ciphersuites), num);
++        ptr += num;
++    }
 +
 +    /* extensions */
 +    num = 0;
@@ -104,19 +105,17 @@ index 2c8479eb5f..4c62687258 100644
 +    ptr += num*2;
 +
 +    /* groups */
-+    if (groups) {
-+        num = PACKET_remaining(groups);
++    if (groups && (num = PACKET_remaining(groups))) {
 +        memcpy(ptr, PACKET_data(groups), num);
 +        *(uint16_t*)ptr = (uint16_t)num;
 +        ptr += num;
 +    } else {
-+         *(uint16_t*)ptr = 0;
-+         ptr += 2;
++        *(uint16_t*)ptr = 0;
++        ptr += 2;
 +    }
 +
 +    /* formats */
-+    if (formats) {
-+        num = PACKET_remaining(formats);
++    if (formats && (num = PACKET_remaining(formats))) {
 +        memcpy(ptr, PACKET_data(formats), num);
 +        *ptr = (uint8_t)num;
 +        ptr += num;
@@ -146,7 +145,7 @@ index 5fb1feb801..99f1370ea3 100644
      TLSEXT_IDX_psk,
      /* Dummy index - must always be the last entry */
 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
-index 1518ca7f4e..66a83bcb16 100644
+index f8157389b7..fb5e1a8453 100644
 --- a/ssl/statem/extensions.c
 +++ b/ssl/statem/extensions.c
 @@ -370,6 +370,38 @@ static const EXTENSION_DEFINITION ext_defs[] = {
diff --git a/patches/openssl.openssl-3.1.patch b/patches/openssl.openssl-3.1.patch
@@ -11,7 +11,7 @@ index f03f52fbd8..3140c3c5c5 100644
                                const unsigned char **out, size_t *outlen);
  
 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index 793155e186..ef1f187b15 100644
+index 03f43744b1..a54c78e1fe 100644
 --- a/include/openssl/tls1.h
 +++ b/include/openssl/tls1.h
 @@ -134,6 +134,15 @@ extern "C" {
@@ -31,10 +31,10 @@ index 793155e186..ef1f187b15 100644
  # define TLSEXT_TYPE_session_ticket              35
  
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index b5cc4af2f0..578598e664 100644
+index f218dcf1db..8bf43c4c58 100644
 --- a/ssl/ssl_lib.c
 +++ b/ssl/ssl_lib.c
-@@ -5464,6 +5464,95 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+@@ -5482,6 +5482,94 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
      return 0;
  }
  
@@ -74,11 +74,12 @@ index b5cc4af2f0..578598e664 100644
 +    ptr += 2;
 +
 +    /* ciphers */
-+    num = PACKET_remaining(&s->clienthello->ciphersuites);
-+    *(uint16_t*)ptr = (uint16_t)num;
-+    ptr += 2;
-+    memcpy(ptr, PACKET_data(&s->clienthello->ciphersuites), num);
-+    ptr += num;
++    if (num = PACKET_remaining(&s->clienthello->ciphersuites)) {
++        *(uint16_t*)ptr = (uint16_t)num;
++        ptr += 2;
++        memcpy(ptr, PACKET_data(&s->clienthello->ciphersuites), num);
++        ptr += num;
++    }
 +
 +    /* extensions */
 +    num = 0;
@@ -104,19 +105,17 @@ index b5cc4af2f0..578598e664 100644
 +    ptr += num*2;
 +
 +    /* groups */
-+    if (groups) {
-+        num = PACKET_remaining(groups);
++    if (groups && (num = PACKET_remaining(groups))) {
 +        memcpy(ptr, PACKET_data(groups), num);
 +        *(uint16_t*)ptr = (uint16_t)num;
 +        ptr += num;
 +    } else {
-+         *(uint16_t*)ptr = 0;
-+         ptr += 2;
++        *(uint16_t*)ptr = 0;
++        ptr += 2;
 +    }
 +
 +    /* formats */
-+    if (formats) {
-+        num = PACKET_remaining(formats);
++    if (formats && (num = PACKET_remaining(formats))) {
 +        memcpy(ptr, PACKET_data(formats), num);
 +        *ptr = (uint8_t)num;
 +        ptr += num;
@@ -146,7 +145,7 @@ index 845329a809..8fa0619feb 100644
      TLSEXT_IDX_psk,
      /* Dummy index - must always be the last entry */
 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
-index e182b5abac..7d5adbf845 100644
+index 2ff809bc0f..fd730c09b8 100644
 --- a/ssl/statem/extensions.c
 +++ b/ssl/statem/extensions.c
 @@ -369,6 +369,38 @@ static const EXTENSION_DEFINITION ext_defs[] = {
diff --git a/patches/openssl.openssl-3.2.patch b/patches/openssl.openssl-3.2.patch
@@ -11,7 +11,7 @@ index 9f91039f8a..81b9c51892 100644
                                           size_t *num_exts);
  int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index 7e3d1a725b..ecee15e29f 100644
+index 5329338efa..9755b5f44c 100644
 --- a/include/openssl/tls1.h
 +++ b/include/openssl/tls1.h
 @@ -142,6 +142,13 @@ extern "C" {
@@ -29,10 +29,10 @@ index 7e3d1a725b..ecee15e29f 100644
  # define TLSEXT_TYPE_compress_certificate        27
  
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 26cae27dae..f5d1d8013a 100644
+index a6695ca4a0..4af995af35 100644
 --- a/ssl/ssl_lib.c
 +++ b/ssl/ssl_lib.c
-@@ -6572,6 +6572,99 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+@@ -6595,6 +6595,98 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
      return 0;
  }
  
@@ -76,11 +76,12 @@ index 26cae27dae..f5d1d8013a 100644
 +    ptr += 2;
 +
 +    /* ciphers */
-+    num = PACKET_remaining(&sc->clienthello->ciphersuites);
-+    *(uint16_t*)ptr = (uint16_t)num;
-+    ptr += 2;
-+    memcpy(ptr, PACKET_data(&sc->clienthello->ciphersuites), num);
-+    ptr += num;
++    if (num = PACKET_remaining(&sc->clienthello->ciphersuites)) {
++        *(uint16_t*)ptr = (uint16_t)num;
++        ptr += 2;
++        memcpy(ptr, PACKET_data(&sc->clienthello->ciphersuites), num);
++        ptr += num;
++    }
 +
 +    /* extensions */
 +    num = 0;
@@ -106,19 +107,17 @@ index 26cae27dae..f5d1d8013a 100644
 +    ptr += num*2;
 +
 +    /* groups */
-+    if (groups) {
-+        num = PACKET_remaining(groups);
++    if (groups && (num = PACKET_remaining(groups))) {
 +        memcpy(ptr, PACKET_data(groups), num);
 +        *(uint16_t*)ptr = (uint16_t)num;
 +        ptr += num;
 +    } else {
-+         *(uint16_t*)ptr = 0;
-+         ptr += 2;
++        *(uint16_t*)ptr = 0;
++        ptr += 2;
 +    }
 +
 +    /* formats */
-+    if (formats) {
-+        num = PACKET_remaining(formats);
++    if (formats && (num = PACKET_remaining(formats))) {
 +        memcpy(ptr, PACKET_data(formats), num);
 +        *ptr = (uint8_t)num;
 +        ptr += num;
@@ -133,10 +132,10 @@ index 26cae27dae..f5d1d8013a 100644
  {
      RAW_EXTENSION *ext;
 diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
-index 0d3acfbe66..01ceec6897 100644
+index 5f19e679fc..a5241e163d 100644
 --- a/ssl/ssl_local.h
 +++ b/ssl/ssl_local.h
-@@ -707,6 +707,9 @@ typedef enum tlsext_index_en {
+@@ -708,6 +708,9 @@ typedef enum tlsext_index_en {
      TLSEXT_IDX_compress_certificate,
      TLSEXT_IDX_early_data,
      TLSEXT_IDX_certificate_authorities,
@@ -147,7 +146,7 @@ index 0d3acfbe66..01ceec6897 100644
      TLSEXT_IDX_psk,
      /* Dummy index - must always be the last entry */
 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
-index 0a64ca2246..9460207d1f 100644
+index c35c2ccd33..55c04a9937 100644
 --- a/ssl/statem/extensions.c
 +++ b/ssl/statem/extensions.c
 @@ -411,6 +411,30 @@ static const EXTENSION_DEFINITION ext_defs[] = {
