From 3b4ff94931262629063202fbcb4ad72a3e196748 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 2 Aug 2013 12:12:51 -0700 Subject: [PATCH] add paramter validation to SSL I/O calls --- src/ssl.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 9f04bbc79..4daf08cb9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -425,6 +425,9 @@ int CyaSSL_write(CYASSL* ssl, const void* data, int sz) CYASSL_ENTER("SSL_write()"); + if (ssl == NULL || data == NULL || sz < 0) + return BAD_FUNC_ARG; + #ifdef HAVE_ERRNO_H errno = 0; #endif @@ -446,6 +449,9 @@ static int CyaSSL_read_internal(CYASSL* ssl, void* data, int sz, int peek) CYASSL_ENTER("CyaSSL_read_internal()"); + if (ssl == NULL || data == NULL || sz < 0) + return BAD_FUNC_ARG; + #ifdef HAVE_ERRNO_H errno = 0; #endif @@ -611,10 +617,15 @@ int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx) int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags) { int ret; - int oldFlags = ssl->wflags; + int oldFlags; CYASSL_ENTER("CyaSSL_send()"); + if (ssl == NULL || data == NULL || sz < 0) + return BAD_FUNC_ARG; + + oldFlags = ssl->wflags; + ssl->wflags = flags; ret = CyaSSL_write(ssl, data, sz); ssl->wflags = oldFlags; @@ -628,10 +639,15 @@ int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags) int CyaSSL_recv(CYASSL* ssl, void* data, int sz, int flags) { int ret; - int oldFlags = ssl->rflags; + int oldFlags; CYASSL_ENTER("CyaSSL_recv()"); + if (ssl == NULL || data == NULL || sz < 0) + return BAD_FUNC_ARG; + + oldFlags = ssl->rflags; + ssl->rflags = flags; ret = CyaSSL_read(ssl, data, sz); ssl->rflags = oldFlags; @@ -678,9 +694,13 @@ int CyaSSL_shutdown(CYASSL* ssl) int CyaSSL_get_error(CYASSL* ssl, int ret) { CYASSL_ENTER("SSL_get_error"); - CYASSL_LEAVE("SSL_get_error", ssl->error); + if (ret > 0) return SSL_ERROR_NONE; + if (ssl == NULL) + return BAD_FUNC_ARG; + + CYASSL_LEAVE("SSL_get_error", ssl->error); /* make sure converted types are handled in SetErrorString() too */ if (ssl->error == WANT_READ)