From: Jouni Malinen <j@w1.fi>
Date: Sat, 11 Feb 2017 13:56:47 +0000 (+0200)
Subject: OpenSSL: Reject empty cipher list in tls_connection_set_cipher_list()
X-Git-Tag: hostap_2_9~89
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=063d28ec838967ab3b25cf184895d254d5c7ff7e;p=thirdparty%2Fhostap.git

OpenSSL: Reject empty cipher list in tls_connection_set_cipher_list()

Previously, this invalid call would have resulted in printing out a
string from uninitialized memory

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index a7a779380..cc96a582c 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -4437,6 +4437,10 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 
 		c++;
 	}
+	if (!buf[0]) {
+		wpa_printf(MSG_DEBUG, "OpenSSL: No ciphers listed");
+		return -1;
+	}
 
 	wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);