Fix off-by-one errors in ssl_cipher_get_evp()

In the ssl_cipher_get_evp() function, fix off-by-one errors in index
validation before accessing arrays.

PR#3375

(Imported from upstream's 3d86077427f93dc46b18fee706b567ec32ac232a)
This commit is contained in:
Adam Langley 2014-06-20 12:00:00 -07:00
parent 006779a02c
commit 4c65f3a2f1

View File

@ -469,7 +469,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
break; break;
} }
if ((i < 0) || (i > SSL_ENC_NUM_IDX)) if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
*enc=NULL; *enc=NULL;
else else
{ {
@ -503,7 +503,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
i= -1; i= -1;
break; break;
} }
if ((i < 0) || (i > SSL_MD_NUM_IDX)) if ((i < 0) || (i >= SSL_MD_NUM_IDX))
{ {
*md=NULL; *md=NULL;
if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef; if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;