Source-Changes-HG archive


[src/trunk]: src/crypto/external/bsd/openssl/dist/ssl merge upstream commit 9...



details:   https://anonhg.NetBSD.org/src/rev/66d24ef60288
branches:  trunk
changeset: 372123:66d24ef60288
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Oct 27 16:20:23 2022 +0000

description:
merge upstream commit 9b3219ba544db82cdad3058b9872058739559944:

If rule_str ended in a "-", "l" was incremented one byte past the
end of the buffer.  This resulted in an out-of-bounds read when "l"
is dereferenced at the end of the loop.  It is safest to just return
early in this case since the condition occurs inside a nested loop.

diffstat:

 crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c |  4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

diffs (14 lines):

diff -r 17f175af9a6b -r 66d24ef60288 crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c
--- a/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c   Thu Oct 27 12:59:59 2022 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c   Thu Oct 27 16:20:23 2022 +0000
@@ -1026,9 +1026,7 @@
                  * alphanumeric, so we call this an error.
                  */
                 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
-                retval = found = 0;
-                l++;
-                break;
+               return 0;
             }
 
             if (rule == CIPHER_SPECIAL) {
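Review bot: The new `return 0;` in the SSL_R_INVALID_COMMAND branch carries no comment explaining why it returns instead of breaking, and the comment just above it only describes the non-alphanumeric case. The commit message gives the real reason: when rule_str ends in "-", the removed `l++` stepped one byte past the end of the buffer, and `l` was then dereferenced at the end of the loop. I would add a line to that comment saying that `l` may already point at the terminator here and must not be advanced, so a later cleanup does not turn this back into a `break`. Because the early return now skips everything that used to run after the `break` with `retval` set to 0, it is also worth confirming that nothing set up earlier in the function needs releasing on this path. Minor style point: the added line appears to be indented one column short of the lines it replaces, so check for a tab and space mix against the surrounding code.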


