OpenSSL: Reject empty cipher list in tls_connection_set_cipher_list()

Previously, this invalid call would have resulted in printing out a
string from uninitialized memory

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index a7a77938064ec629440894d110ffd46a7236bc0a..cc96a582ce5cf329ab504c26ba2d4ecf23e38fe3 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -4437,6 +4437,10 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 
                c++;
        }
+       if (!buf[0]) {
+               wpa_printf(MSG_DEBUG, "OpenSSL: No ciphers listed");
+               return -1;
+       }
 
        wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);