diff options
author | Kurt Cancemi <kurt@x64Architecture.com> | 2014-06-04 03:59:58 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2014-06-12 21:12:43 +0100 |
commit | 3d86077427f93dc46b18fee706b567ec32ac232a (patch) | |
tree | aff3af79ae5e49563575a6f994cb87e25a50fa7c | |
parent | 56ba280ccd71b2739ef74827c7a2bf71ced3ab80 (diff) |
Fix off-by-one errors in ssl_cipher_get_evp()
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.
PR#3375
-rw-r--r-- | ssl/ssl_ciph.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 13127d725e..05b1e5e0db 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -563,7 +563,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, break; } - if ((i < 0) || (i > SSL_ENC_NUM_IDX)) + if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) *enc=NULL; else { @@ -597,7 +597,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, i= -1; break; } - if ((i < 0) || (i > SSL_MD_NUM_IDX)) + if ((i < 0) || (i >= SSL_MD_NUM_IDX)) { *md=NULL; if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef; |