authorNick Mathewson <nickm@torproject.org>2014-06-10 11:17:39 -0400
committerNick Mathewson <nickm@torproject.org>2014-06-10 11:17:39 -0400
commit55c7a559df5f349de21ca37ecfe19b736085c317 (patch)
tree693582eed608c4b806164656d969d0c14a959fe7
parent307aa7eb43c25f0009de33f9aea4376c329b4fe5 (diff)
parentcca6198c777dba463aeb4a8fba6a953cde9576a8 (diff)
Merge remote-tracking branch 'public/bug12227_024'
-rw-r--r--changes/bug122275
-rw-r--r--src/common/tortls.c5
2 files changed, 9 insertions, 1 deletions
diff --git a/changes/bug12227 b/changes/bug12227
new file mode 100644
index 000000000..d8b5d08a5
--- /dev/null
+++ b/changes/bug12227
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Avoid an illegal read from stack when initializing the TLS
+ module using a version of OpenSSL without all of the ciphers
+ used by the v2 link handshake. Fixes bug 12227; bugfix on
+ 0.2.4.8-alpha. Found by "starlight".
diff --git a/src/common/tortls.c b/src/common/tortls.c
index a6444b818..ea0f21cb2 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1477,10 +1477,13 @@ prune_v2_cipher_list(void)
inp = outp = v2_cipher_list;
while (*inp) {
- unsigned char cipherid[2];
+ unsigned char cipherid[3];
const SSL_CIPHER *cipher;
/* Is there no better way to do this? */
set_uint16(cipherid, htons(*inp));
+ cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
+ * with a two-byte 'cipherid', it may look for a v2
+ * cipher with the appropriate 3 bytes. */
cipher = m->get_cipher_by_char(cipherid);
if (cipher) {
tor_assert((cipher->id & 0xffff) == *inp);
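Review bot: The size in `unsigned char cipherid[3];` is now dictated by how many bytes the callee may read, but the reason appears only three lines later beside the `cipherid[2] = 0;` store, so a later cleanup could shrink the array back to two bytes and bring back the stack over-read. I would state it at the declaration, e.g. `/* 3 bytes, not 2: get_cipher_by_char may fall back to a 3-byte v2 lookup */`, or make the padding part of the declaration with `unsigned char cipherid[3] = {0};`. Separately, the `tor_assert` on the last line of the hunk is the only check that the returned cipher is the one asked for. If the v2 fallback described in the comment could ever return a match for a zero third byte (not determinable from this hunk), the process would abort instead of pruning the entry, so the comment should say why zero is a safe pad value. The `while` loop and the `if (cipher)` body continue outside the hunk.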