The branch OpenSSL_1_0_1-stable has been updated via 396e30044910df29b81a416de42a94eb4355cd70 (commit) via 402634f8aaf2f2c83b2cc648a0ae376247b029f4 (commit) from b11980d79a52ec08844f08bea0e66c04b691840b (commit)
- Log ----------------------------------------------------------------- commit 396e30044910df29b81a416de42a94eb4355cd70 Author: Matt Caswell <m...@openssl.org> Date: Tue Aug 11 19:38:39 2015 +0100 Fix "make test" seg fault with SCTP enabled When config'd with "sctp" running "make test" causes a seg fault. This is actually due to the way ssltest works - it dives under the covers and frees up BIOs manually and so some BIOs are NULL when the SCTP code does not expect it. The simplest fix is just to add some sanity checks to make sure the BIOs aren't NULL before we use them. This problem occurs in master and 1.0.2. The fix has also been applied to 1.0.1 to keep the code in sync. Reviewed-by: Tim Hudson <t...@openssl.org> (cherry picked from commit f75d5171be0b3b5419c8974133e1573cf976a8bb) commit 402634f8aaf2f2c83b2cc648a0ae376247b029f4 Author: Matt Caswell <m...@openssl.org> Date: Tue Aug 11 19:36:43 2015 +0100 Fix missing return value checks in SCTP There are some missing return value checks in the SCTP code. In master this was causing a compilation failure when config'd with "--strict-warnings sctp". Reviewed-by: Tim Hudson <t...@openssl.org> (cherry picked from commit d8e8590ed90eba6ef651d09d77befb14f980de2c) ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 7 +++++-- ssl/d1_clnt.c | 16 ++++++++++++---- ssl/d1_srvr.c | 18 +++++++++++++----- 3 files changed, 30 insertions(+), 11 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 8dd8ea3..d453c07 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1490,9 +1490,12 @@ int dtls1_shutdown(SSL *s) { int ret; #ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s)) && + BIO *wbio; + + wbio = SSL_get_wbio(s); + if (wbio != NULL && BIO_dgram_is_sctp(wbio) && !(s->shutdown & SSL_SENT_SHUTDOWN)) { - ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s)); + ret = BIO_dgram_sctp_wait_for_dry(wbio); if (ret < 0) return -1; diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 377c1e6..a9c4ed0 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -350,11 +350,15 @@ int dtls1_connect(SSL *s) sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, sizeof(labelbuffer), NULL, 0, - 0); + 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, @@ -484,9 +488,13 @@ int dtls1_connect(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 41c7dc5..d716f0a 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -405,9 +405,13 @@ int dtls1_accept(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, - sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + if (SSL_export_keying_material(s, sctpauthkey, + sizeof(sctpauthkey), labelbuffer, + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); @@ -628,9 +632,13 @@ int dtls1_accept(SSL *s) snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL), DTLS1_SCTP_AUTH_LABEL); - SSL_export_keying_material(s, sctpauthkey, + if (SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey), labelbuffer, - sizeof(labelbuffer), NULL, 0, 0); + sizeof(labelbuffer), NULL, 0, 0) <= 0) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits