Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 734534: Fix a buffer length bug and nits in the next protocol

Browse Source 
negotiation (NPN) functions.  r=agl.
Modified Files:
	ssl3ext.c sslsock.c


git-svn-id: svn://10.0.0.236/trunk@263560 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
wtc%google.com 2012-03-12 19:14:12 +00:00
parent 142bddc9ee
commit bb548cd810
2 changed files with 10 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
mozilla/security/nss/lib/ssl/ssl3ext.c
View File

@ -41,7 +41,7 @@
* ***** END LICENSE BLOCK ***** */
/* TLS extension code moved here from ssl3ecc.c */
/* $Id: ssl3ext.c,v 1.21 2012-02-15 21:52:08 kaie%kuix.de Exp $ */
/* $Id: ssl3ext.c,v 1.22 2012-03-12 19:14:12 wtc%google.com Exp $ */
#include "nssrenam.h"
#include "nss.h"
@ -592,10 +592,7 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
unsigned char resultBuffer[255];
SECItem result = { siBuffer, resultBuffer, 0 };
if (ss->firstHsDone) {
PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
return SECFailure;
}
PORT_Assert(!ss->firstHsDone);
rv = ssl3_ValidateNextProtoNego(data->data, data->len);
if (rv != SECSuccess)
@ -607,6 +604,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
*/
PORT_Assert(ss->nextProtoCallback != NULL);
if (!ss->nextProtoCallback) {
/* XXX Use a better error code. This is an application error, not an
* NSS bug. */
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
@ -617,7 +616,7 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
return rv;
/* If the callback wrote more than allowed to |result| it has corrupted our
* stack. */
if (result.len > sizeof result) {
if (result.len > sizeof resultBuffer) {
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
return SECFailure;
}

11
mozilla/security/nss/lib/ssl/sslsock.c
View File

@ -40,7 +40,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslsock.c,v 1.83 2012-03-11 04:32:35 wtc%google.com Exp $ */
/* $Id: sslsock.c,v 1.84 2012-03-12 19:14:12 wtc%google.com Exp $ */
#include "seccomon.h"
#include "cert.h"
#include "keyhi.h"
@ -1382,7 +1382,7 @@ SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
return SECSuccess;
}
/* NextProtoStandardCallback is set as an NPN callback for the case when
/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when
* SSL_SetNextProtoNego is used.
*/
static SECStatus
@ -1428,12 +1428,12 @@ pick_first:
result = ss->opt.nextProtoNego.data;
found:
*protoOutLen = result[0];
if (protoMaxLen < result[0]) {
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
return SECFailure;
}
memcpy(protoOut, result + 1, result[0]);
*protoOutLen = result[0];
return SECSuccess;
}
@ -1487,13 +1487,12 @@ SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
ss->ssl3.nextProto.data) {
*bufLen = ss->ssl3.nextProto.len;
if (*bufLen > bufLenMax) {
if (ss->ssl3.nextProto.len > bufLenMax) {
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
*bufLen = 0;
return SECFailure;
}
PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
*bufLen = ss->ssl3.nextProto.len;
} else {
*bufLen = 0;
}