From: doug
Date: Wed, 17 Jun 2015 07:52:22 +0000 (+0000)
Subject: Convert ssl_next_proto_validate to CBS.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=37da4462574269ae2ae4363af180fd84f3cddb60;p=openbsd
Convert ssl_next_proto_validate to CBS.
ok miod@, tweak + ok jsing@
---
diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c
index 145ebf27919..fd423a91350 100644
--- a/lib/libssl/src/ssl/t1_lib.c
+++ b/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.76 2015/06/17 07:36:30 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.77 2015/06/17 07:52:22 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1672,22 +1672,23 @@ ri_check:
 return 1;
 }
-/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
+/*
+ * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
 * elements of zero length are allowed and the set of elements must exactly fill
- * the length of the block. */
+ * the length of the block.
+ */
 static char
-ssl_next_proto_validate(unsigned char *d, unsigned len)
+ssl_next_proto_validate(const unsigned char *d, unsigned int len)
 {
- unsigned int off = 0;
+ CBS npn, value;
- while (off < len) {
- if (d[off] == 0)
+ CBS_init(&npn, d, len);
+ while (CBS_len(&npn) > 0) {
+ if (!CBS_get_u8_length_prefixed(&npn, &value) ||
+ CBS_len(&value) == 0)
 return 0;
- off += d[off];
- off++;
 }
-
- return off == len;
+ return 1;
 }
 int
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 145ebf27919..fd423a91350 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.76 2015/06/17 07:36:30 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.77 2015/06/17 07:52:22 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
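Review bot: The rewritten comment above ssl_next_proto_validate still does not say what the function returns or how an empty block is treated: with `len == 0` the `while (CBS_len(&npn) > 0)` loop never runs and the function returns 1, as the removed `return off == len` also did. Since this validates a length-prefixed list that presumably comes from the peer, I would add to the comment `Returns 1 if the block is well formed (an empty block counts as well formed), 0 otherwise.` so callers know they must handle a zero-length list themselves. Bounds handling is now delegated to `CBS_get_u8_length_prefixed`, so a truncated final element is rejected there rather than by an end-of-loop comparison. The same applies to the identical hunk in lib/libssl/t1_lib.c.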
@@ -1672,22 +1672,23 @@ ri_check:
 return 1;
 }
-/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
+/*
+ * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
 * elements of zero length are allowed and the set of elements must exactly fill
- * the length of the block. */
+ * the length of the block.
+ */
 static char
-ssl_next_proto_validate(unsigned char *d, unsigned len)
+ssl_next_proto_validate(const unsigned char *d, unsigned int len)
 {
- unsigned int off = 0;
+ CBS npn, value;
- while (off < len) {
- if (d[off] == 0)
+ CBS_init(&npn, d, len);
+ while (CBS_len(&npn) > 0) {
+ if (!CBS_get_u8_length_prefixed(&npn, &value) ||
+ CBS_len(&value) == 0)
 return 0;
- off += d[off];
- off++;
 }
-
- return off == len;
+ return 1;
 }
 int