From: Christos Tsantilas Date: Mon, 28 Sep 2015 14:27:56 +0000 (+0300) Subject: Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of X-Git-Tag: SQUID_4_0_1~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e638097a5738154e18460487cb6a17e99fb534bd;p=thirdparty%2Fsquid.git Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of cipher on hello messages The use of these methods can cause many problems in squid: - In earlier openSSL libraries the SSL_METHOD::put_cipher_by_char method with NULL arguments returned the size of cipher in the SSL hello message. In newer openSSL releases, calling this method with NULL arguments is not valid any more, and can result to segfaults. - In newer libreSSL library releases, the SSLv23_method it is used to produce TLS messages and does not return the size of a cipher in an v2 HELLO message. This is a Measurement Factory project --- diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc index da2b1c7321..f3f2a4059c 100644 --- a/src/ssl/bio.cc +++ b/src/ssl/bio.cc @@ -1007,9 +1007,8 @@ Ssl::Bio::sslFeatures::parseV3Hello(const unsigned char *messageContainer, size_ ciphers += 2; if (ciphersLen) { const SSL_METHOD *method = SSLv3_method(); - const int cs = method->put_cipher_by_char(NULL, NULL); - assert(cs > 0); - for (size_t i = 0; i < ciphersLen; i += cs) { + for (size_t i = 0; i < ciphersLen; i += 2) { + // each cipher in v3/tls HELLO message is of size 2 const SSL_CIPHER *c = method->get_cipher_by_char((ciphers + i)); if (c != NULL) { if (!clientRequestedCiphers.empty()) @@ -1105,9 +1104,7 @@ Ssl::Bio::sslFeatures::parseV23Hello(const unsigned char *hello, size_t size) if (ciphersLen) { const SSL_METHOD *method = SSLv23_method(); - int cs = method->put_cipher_by_char(NULL, NULL); - assert(cs > 0); - for (unsigned int i = 0; i < ciphersLen; i += cs) { + for (unsigned int i = 0; i < ciphersLen; i += 3) { // The v2 hello messages cipher has 3 bytes. // The v2 cipher has the first byte not null // Because we are going to sent only v3 message we