fix sign problems

3 files changed, 18 insertions, 4 deletions

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 5557f4cb7b..7e2a8c170f 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -510,8 +510,8 @@ typedef struct ssl_session_st
 #ifndef OPENSSL_NO_TLSEXT
 	char *tlsext_hostname;
 #ifndef OPENSSL_NO_EC
-	int tlsext_ecpointformatlist_length;
-	char * tlsext_ecpointformatlist;
+	size_t tlsext_ecpointformatlist_length;
+	unsigned char *tlsext_ecpointformatlist; /* peer's list */
 #endif /* OPENSSL_NO_EC */
 #endif
 	} SSL_SESSION;
@@ -1064,8 +1064,8 @@ struct ssl_st
 	                          2 : don't call servername callback, no ack in server hello
 	                       */
 #ifndef OPENSSL_NO_EC
-	int tlsext_ecpointformatlist_length;
-	char * tlsext_ecpointformatlist;
+	size_t tlsext_ecpointformatlist_length;
+	unsigned char *tlsext_ecpointformatlist; /* our list */
 #endif /* OPENSSL_NO_EC */
 	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
 #define session_ctx initial_ctx
@@ -1764,8 +1764,10 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
 #define SSL_F_SSL3_WRITE_BYTES				 158
 #define SSL_F_SSL3_WRITE_PENDING			 159
+#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT		 277
 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK	 215
 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216
+#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT		 278
 #define SSL_F_SSL_BAD_METHOD				 160
 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161
 #define SSL_F_SSL_CERT_DUP				 221
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index ebf1dd09fc..cb88034665 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -166,8 +166,10 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK),	"SSL3_SETUP_KEY_BLOCK"},
 {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES),	"SSL3_WRITE_BYTES"},
 {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING),	"SSL3_WRITE_PENDING"},
+{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),	"SSL_ADD_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),	"SSL_add_dir_cert_subjects_to_stack"},
 {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),	"SSL_add_file_cert_subjects_to_stack"},
+{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),	"SSL_ADD_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_BAD_METHOD),	"SSL_BAD_METHOD"},
 {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST),	"SSL_BYTES_TO_CIPHER_LIST"},
 {ERR_FUNC(SSL_F_SSL_CERT_DUP),	"SSL_CERT_DUP"},
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2eb5bb6745..330963ecab 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -189,6 +189,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 
 		if ((lenmax = limit - p - 5) < 0) return NULL; 
 		if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
+		if (s->tlsext_ecpointformatlist_length > 255)
+			{
+			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+			return NULL;
+			}
 		
 		s2n(TLSEXT_TYPE_ec_point_formats,ret);
 		s2n(s->tlsext_ecpointformatlist_length + 1,ret);
@@ -228,6 +233,11 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 
 		if ((lenmax = limit - p - 5) < 0) return NULL; 
 		if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
+		if (s->tlsext_ecpointformatlist_length > 255)
+			{
+			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+			return NULL;
+			}
 		
 		s2n(TLSEXT_TYPE_ec_point_formats,ret);
 		s2n(s->tlsext_ecpointformatlist_length + 1,ret);