From 8319bb5059b175caceac882a2943f20ca34b43d1 Mon Sep 17 00:00:00 2001 From: millert Date: Thu, 8 Sep 2022 15:31:12 +0000 Subject: [PATCH] ssl_cipher_process_rulestr: return early if a cipher command is invalid This is a safer fix for the bug where we might read outside rule_str buffer and is how BoringSSL fixed it. OK tb@ --- lib/libssl/ssl_ciph.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 106a9befddb..f39cd2f0988 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.133 2022/09/07 21:34:22 millert Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.134 2022/09/08 15:31:12 millert Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1010,10 +1010,7 @@ ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, * alphanumeric, so we call this an error. */ SSLerrorx(SSL_R_INVALID_COMMAND); - retval = found = 0; - if (ch != '\0') - l++; - break; + return 0; } if (rule == CIPHER_SPECIAL) { -- 2.20.1