SSL_get_shared_sigalgs: handle negative idx parameter

When idx is negative (as is the case with do_print_sigalgs in apps/s_cb.c), AddressSanitizer complains about a buffer overflow (read). Even if the pointer is not dereferenced, this is undefined behavior. Change the user not to use "-1" as index since the function is documented to return 0 on out-of-range values. Tested with `openssl s_server` and `curl -k https://localhost:4433`. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2349)
author: Peter Wu <peter@lekensteyn.nl> 2017-02-02 12:11:10 +0100
committer: Matt Caswell <matt@openssl.org> 2017-02-09 09:48:46 +0000
commit: 6d047e06e67cd1f6d83a52b83643e96b4cdbfb51 (patch)
tree: 236b80510a9b6fb8a0a1ecb5d2a48b7e7c6823c0 /apps/s_cb.c
parent: 68a55f3b451060c747986aeffa322d32c770dd62 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 550969d704..e0d432dc75 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -239,7 +239,7 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared)
     int i, nsig, client;
     client = SSL_is_server(s) ? 0 : 1;
     if (shared)
-        nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
+        nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL);
     else
         nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
     if (nsig == 0)
author	Peter Wu <peter@lekensteyn.nl>	2017-02-02 12:11:10 +0100
committer	Matt Caswell <matt@openssl.org>	2017-02-09 09:48:46 +0000
commit	6d047e06e67cd1f6d83a52b83643e96b4cdbfb51 (patch)
tree	236b80510a9b6fb8a0a1ecb5d2a48b7e7c6823c0 /apps/s_cb.c
parent	68a55f3b451060c747986aeffa322d32c770dd62 (diff)