diff options
author | George Hazan <george.hazan@gmail.com> | 2016-06-08 11:43:48 +0000 |
---|---|---|
committer | George Hazan <george.hazan@gmail.com> | 2016-06-08 11:43:48 +0000 |
commit | 9e46f2867a9c84436cb7f2a0a71c45ffee041030 (patch) | |
tree | a353849407a788fc73db675c638e6231ee18b091 /plugins/OpenSSL/src | |
parent | 3266441e7a1fe35191953f572358af1c855172b5 (diff) |
fixes #1019 (infinite loop in NetlibHttpRecvChunkHeader() parser)
git-svn-id: http://svn.miranda-ng.org/main/trunk@16943 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c
Diffstat (limited to 'plugins/OpenSSL/src')
-rw-r--r-- | plugins/OpenSSL/src/ssl_openssl.cpp | 78 |
1 files changed, 36 insertions, 42 deletions
diff --git a/plugins/OpenSSL/src/ssl_openssl.cpp b/plugins/OpenSSL/src/ssl_openssl.cpp index c8071b7aac..d9bcdbd89b 100644 --- a/plugins/OpenSSL/src/ssl_openssl.cpp +++ b/plugins/OpenSSL/src/ssl_openssl.cpp @@ -35,8 +35,16 @@ enum SocketState sockError }; -struct SslHandle +struct SslHandle : public MZeroedObject { + ~SslHandle() + { + if (session) + SSL_free(session); + if (ctx) + SSL_CTX_free(ctx); + } + SOCKET s; SSL_CTX *ctx; SSL *session; @@ -46,7 +54,8 @@ struct SslHandle static void SSL_library_unload(void) { /* Load Library Pointers */ - if (!bSslInitDone) return; + if (!bSslInitDone) + return; WaitForSingleObject(g_hSslMutex, INFINITE); @@ -66,7 +75,8 @@ static void SSL_library_unload(void) static bool SSL_library_load(void) { /* Load Library Pointers */ - if (bSslInitDone) return true; + if (bSslInitDone) + return true; WaitForSingleObject(g_hSslMutex, INFINITE); @@ -74,8 +84,7 @@ static bool SSL_library_load(void) g_hOpenSSLCrypto = LoadLibraryA("libeay32.dll"); g_hOpenSSL = LoadLibraryA("ssleay32.dll"); g_hWinCrypt = LoadLibraryA("crypt32.dll"); - if (g_hOpenSSL && g_hOpenSSLCrypto && g_hWinCrypt) - { + if (g_hOpenSSL && g_hOpenSSLCrypto && g_hWinCrypt) { // init OpenSSL SSL_library_init(); SSL_load_error_strings(); @@ -84,9 +93,7 @@ static bool SSL_library_load(void) bSslInitDone = true; } - else { - SSL_library_unload(); - } + else SSL_library_unload(); } return bSslInitDone; @@ -132,15 +139,7 @@ static void ReportSslError(SECURITY_STATUS scRet, int line, bool = false) void NetlibSslFree(SslHandle *ssl) { - if (ssl == NULL) return; - - /* Delete Context */ - if (ssl->session) - SSL_free(ssl->session); - if (ssl->ctx) - SSL_CTX_free(ssl->ctx); - - mir_free(ssl); + delete ssl; } BOOL NetlibSslPending(HSSL ssl) @@ -185,7 +184,7 @@ static bool ClientConnect(SslHandle *ssl, const char*) return false; } - const char* suite = SSL_GetCipherName(ssl); + const char *suite = SSL_GetCipherName(ssl); if (suite != NULL) Netlib_Logf(0, "SSL established with %s", suite); return true; @@ -193,11 +192,10 @@ static bool ClientConnect(SslHandle *ssl, const char*) static PCCERT_CONTEXT SSL_X509ToCryptCert(X509 * x509) { - int len; - unsigned char * buf = NULL; + unsigned char *buf = NULL; PCCERT_CONTEXT pCertContext = NULL; - len = i2d_X509(x509, &buf); + int len = i2d_X509(x509, &buf); if ((len >= 0) && buf) { pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, len); @@ -210,7 +208,7 @@ static PCCERT_CONTEXT SSL_CertChainToCryptAnchor(SSL* session) { /* convert the active certificate chain provided in the handshake of 'session' into the format used by CryptAPI. - */ + */ PCCERT_CONTEXT anchor = NULL; // create cert store HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, NULL, CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, NULL); @@ -225,10 +223,8 @@ static PCCERT_CONTEXT SSL_CertChainToCryptAnchor(SSL* session) // add all remaining certs to store (note: stack needs not be freed, it is not a copy) STACK_OF(X509) *server_chain = SSL_get_peer_cert_chain(session); if (server_chain) { - X509 *next_cert; - int i; - for (i = 0; i < server_chain->stack.num; i++) { - next_cert = (X509 *)server_chain->stack.data[i]; + for (int i = 0; i < server_chain->stack.num; i++) { + X509 *next_cert = (X509 *)server_chain->stack.data[i]; CertAddCertificateContextToStore(store, SSL_X509ToCryptCert(next_cert), CERT_STORE_ADD_USE_EXISTING, NULL); } } @@ -237,7 +233,8 @@ static PCCERT_CONTEXT SSL_CertChainToCryptAnchor(SSL* session) anchor = primary_cert; } else { - if (primary_cert) CertFreeCertificateContext(primary_cert); + if (primary_cert) + CertFreeCertificateContext(primary_cert); } X509_free(server_cert); @@ -322,8 +319,8 @@ cleanup: SslHandle* NetlibSslConnect(SOCKET s, const char* host, int verify) { /* negotiate SSL session, verify cert, return NULL if failed */ - - SslHandle *ssl = (SslHandle*)mir_calloc(sizeof(SslHandle)); + + SslHandle *ssl = new SslHandle(); ssl->s = s; bool res = ClientConnect(ssl, host); @@ -337,7 +334,7 @@ SslHandle* NetlibSslConnect(SOCKET s, const char* host, int verify) if (res) return ssl; - NetlibSslFree(ssl); + delete ssl; return NULL; } @@ -364,17 +361,15 @@ int NetlibSslRead(SslHandle *ssl, char *buf, int num, int peek) if (err <= 0) { int err2 = SSL_get_error(ssl->session, err); - switch (err2) { - case SSL_ERROR_ZERO_RETURN: + if (err2 == SSL_ERROR_ZERO_RETURN) { Netlib_Logf(0, "SSL connection gracefully closed"); ssl->state = sockClosed; - break; - default: - Netlib_Logf(0, "SSL failure recieving data (%d, %d, %d)", err, err2, WSAGetLastError()); - ssl->state = sockError; - return SOCKET_ERROR; + return 0; } - return 0; + + Netlib_Logf(0, "SSL failure recieving data (%d, %d, %d)", err, err2, WSAGetLastError()); + ssl->state = sockError; + return SOCKET_ERROR; } return err; @@ -389,7 +384,7 @@ int NetlibSslWrite(SslHandle *ssl, const char *buf, int num) int err = SSL_write(ssl->session, buf, num); if (err > 0) return err; - + int err2 = SSL_get_error(ssl->session, err); switch (err2) { case SSL_ERROR_ZERO_RETURN: @@ -406,7 +401,7 @@ int NetlibSslWrite(SslHandle *ssl, const char *buf, int num) static INT_PTR GetSslApi(WPARAM, LPARAM lParam) { - SSL_API* pSsl = (SSL_API*)lParam; + SSL_API *pSsl = (SSL_API*)lParam; if (pSsl == NULL) return FALSE; @@ -424,8 +419,7 @@ static INT_PTR GetSslApi(WPARAM, LPARAM lParam) int LoadSslModule(void) { - if (!SSL_library_load()) - { + if (!SSL_library_load()) { MessageBoxW(NULL, TranslateT("OpenSSL library loading failed"), TranslateT("OpenSSL error"), MB_ICONERROR | MB_OK); return 1; } |