Misc (re #1882): Fixed buffer size not sufficient when setting cipher list.

git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5285 74dad513-b988-da41-8d7b-12977e46ad98

1 files changed, 14 insertions, 2 deletions

diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
index b9c9bd99..8567147a 100644
--- a/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjlib/src/pj/ssl_sock_ossl.c
@@ -837,7 +837,9 @@ static void reset_ssl_sock_state(pj_ssl_sock_t *ssock)
 /* Generate cipher list with user preference order in OpenSSL format */
 static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock)
 {
-    char buf[1024];
+    pj_pool_t *tmp_pool = NULL;
+    char *buf = NULL;
+    enum { BUF_SIZE = 8192 };
     pj_str_t cipher_list;
     STACK_OF(SSL_CIPHER) *sk_cipher;
     unsigned i;
@@ -852,6 +854,14 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock)
 	return PJ_SUCCESS;
     }
 
+    /* Create temporary pool. */
+    tmp_pool = pj_pool_create(ssock->pool->factory, "ciphpool", BUF_SIZE, 
+			      BUF_SIZE/2 , NULL);
+    if (!tmp_pool)
+	return PJ_ENOMEM;
+
+    buf = (char *)pj_pool_zalloc(tmp_pool, BUF_SIZE);
+
     pj_strset(&cipher_list, buf, 0);
 
     /* Set SSL with ALL available ciphers */
@@ -872,7 +882,7 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock)
 
 		/* Check buffer size */
 		if (cipher_list.slen + pj_ansi_strlen(c_name) + 2 >
-		    sizeof(buf))
+		    BUF_SIZE)
 		{
 		    pj_assert(!"Insufficient temporary buffer for cipher");
 		    return PJ_ETOOMANY;
@@ -895,9 +905,11 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock)
     /* Finally, set chosen cipher list */
     ret = SSL_set_cipher_list(ssock->ossl_ssl, buf);
     if (ret < 1) {
+	pj_pool_release(tmp_pool);
 	return GET_SSL_STATUS(ssock);
     }
 
+    pj_pool_release(tmp_pool);
     return PJ_SUCCESS;
 }