Module Name: src
Committed By: christos
Date: Thu Oct 27 16:20:23 UTC 2022

Modified Files:
    src/crypto/external/bsd/openssl/dist/ssl: ssl_ciph.c

Log Message:
merge upstream commit 9b3219ba544db82cdad3058b9872058739559944:

If rule_str ended in a "-", "l" was incremented one byte past the end of the buffer. This resulted in an out-of-bounds read when "l" is dereferenced at the end of the loop. It is safest to just return early in this case since the condition occurs inside a nested loop.

To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 \
    src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.21 src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.22 --- src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.21 Fri Jan 7 10:50:11 2022 +++ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c Thu Oct 27 12:20:23 2022 @@ -1026,9 +1026,7 @@ static int ssl_cipher_process_rulestr(co * alphanumeric, so we call this an error. */ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND); - retval = found = 0; - l++; - break; + return 0; } if (rule == CIPHER_SPECIAL) {
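Review bot: the new `return 0;` in ssl_cipher_process_rulestr() exits from inside the nested loop, where the removed lines recorded the failure with `retval = found = 0;` and carried on after the `break;`. Anything the function does after the loops is therefore skipped on this path, so please confirm that nothing acquired earlier in the function needs releasing or resetting before the return. The surviving comment only says the input is "an error"; a short addition at the return stating that `l` must not be advanced here, because rule_str may end in "-" and the increment would step one byte past the end of the buffer, would keep a later cleanup from restoring the `l++`. A regression test that passes a rule string ending in "-" and expects failure would cover the case the log message describes.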