The branch master has been updated via f75d5171be0b3b5419c8974133e1573cf976a8bb (commit) via d8e8590ed90eba6ef651d09d77befb14f980de2c (commit) from 6142f5c640f98429d4798b8418e8cc2cf6cc1fb8 (commit)
- Log ----------------------------------------------------------------- commit f75d5171be0b3b5419c8974133e1573cf976a8bb Author: Matt Caswell <m...@openssl.org> Date: Tue Aug 11 19:38:39 2015 +0100 Fix "make test" seg fault with SCTP enabled When config'd with "sctp" running "make test" causes a seg fault. This is actually due to the way ssltest works - it dives under the covers and frees up BIOs manually and so some BIOs are NULL when the SCTP code does not expect it. The simplest fix is just to add some sanity checks to make sure the BIOs aren't NULL before we use them. This problem occurs in master and 1.0.2. The fix has also been applied to 1.0.1 to keep the code in sync. Reviewed-by: Tim Hudson <t...@openssl.org> commit d8e8590ed90eba6ef651d09d77befb14f980de2c Author: Matt Caswell <m...@openssl.org> Date: Tue Aug 11 19:36:43 2015 +0100 Fix missing return value checks in SCTP There are some missing return value checks in the SCTP code. In master this was causing a compilation failure when config'd with "--strict-warnings sctp". Reviewed-by: Tim Hudson <t...@openssl.org> ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 7 +++++-- ssl/d1_clnt.c | 16 ++++++++++++---- ssl/d1_srvr.c | 18 +++++++++++++----- 3 files changed, 30 insertions(+), 11 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index ec47b94..2c3ab54 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1365,9 +1365,12 @@ int dtls1_shutdown(SSL *s) { int ret; #ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && + BIO *wbio; + + wbio = SSL_get_wbio(s); + if (wbio != NULL && BIO_dgram_is_sctp(wbio) && !(s->shutdown & SSL_SENT_SHUTDOWN)) { - ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); + ret = BIO_dgram_sctp_wait_for_dry(wbio); if (ret < 0) return -1; diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 566c154..d411614 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -364,11 +364,15 @@ int dtls1_connect(SSL *s) sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, sizeof(labelbuffer), NULL, 0, - 0); + 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, @@ -493,9 +497,13 @@ int dtls1_connect(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 19562e1..555bbdf 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -417,9 +417,13 @@ int dtls1_accept(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + if (SSL_export_keying_material(s, sctpauthkey, + sizeof(sctpauthkey), labelbuffer, + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); @@ -606,9 +610,13 @@ int dtls1_accept(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits