From 3a64a90187c7c11ce464cc3b66c2f9c7d2f4b639 Mon Sep 17 00:00:00 2001
From: Riza Sulistyo
Date: Tue, 10 May 2016 06:32:30 +0000
Subject: Misc (re #1882): Fixed buffer size not sufficient when setting cipher list.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5285 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjlib/src/pj/ssl_sock_ossl.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
index b9c9bd99..8567147a 100644
--- a/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjlib/src/pj/ssl_sock_ossl.c
@@ -837,7 +837,9 @@ static void reset_ssl_sock_state(pj_ssl_sock_t *ssock)
 /* Generate cipher list with user preference order in OpenSSL format */
 static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock)
 {
- char buf[1024];
+ pj_pool_t *tmp_pool = NULL;
+ char *buf = NULL;
+ enum { BUF_SIZE = 8192 };
 pj_str_t cipher_list;
 STACK_OF(SSL_CIPHER) *sk_cipher;
 unsigned i;
@@ -852,6 +854,14 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock)
 return PJ_SUCCESS;
 }
+ /* Create temporary pool. */
+ tmp_pool = pj_pool_create(ssock->pool->factory, "ciphpool", BUF_SIZE,
+ BUF_SIZE/2 , NULL);
+ if (!tmp_pool)
+ return PJ_ENOMEM;
+
+ buf = (char *)pj_pool_zalloc(tmp_pool, BUF_SIZE);
+
 pj_strset(&cipher_list, buf, 0);
 /* Set SSL with ALL available ciphers */
@@ -872,7 +882,7 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock)
 /* Check buffer size */
 if (cipher_list.slen + pj_ansi_strlen(c_name) + 2 >
- sizeof(buf))
+ BUF_SIZE)
 {
 pj_assert(!"Insufficient temporary buffer for cipher");
 return PJ_ETOOMANY;
@@ -895,9 +905,11 @@ static pj_status_t set_cipher_list(pj_ssl_sock_t *ssock)
 /* Finally, set chosen cipher list */
 ret = SSL_set_cipher_list(ssock->ossl_ssl, buf);
 if (ret < 1) {
+ pj_pool_release(tmp_pool);
 return GET_SSL_STATUS(ssock);
 }
+ pj_pool_release(tmp_pool);
 return PJ_SUCCESS;
 }
--
cgit v1.2.3
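Review bot: In the second hunk (`@@ -852,6 +854,14 @@`) the result of `pj_pool_zalloc()` is used without a check; `pj_strset(&cipher_list, buf, 0)` follows directly and the later code builds the cipher string in `buf`. If the pool factory's policy can return NULL rather than raise on exhaustion, that is a NULL write, so add `if (!buf) { pj_pool_release(tmp_pool); return PJ_ENOMEM; }` after the allocation. The pool is also created with an initial size of exactly `BUF_SIZE` and then asked for one `BUF_SIZE` allocation; assuming the pool's bookkeeping comes out of that first block, the request cannot fit there and forces a second block, so an initial size with some headroom would be cleaner. The body of set_cipher_list continues outside this hunk.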
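Review bot: The `return PJ_ETOOMANY;` visible in the third hunk (`@@ -872,7 +882,7 @@`) now leaks `tmp_pool`, because the commit releases the pool only on the two exits in the last hunk (`@@ -895,9 +905,11 @@`). `pj_assert` is presumably compiled out in release builds, so an oversized cipher preference list would leak the pool on every call that reaches this path, which adds up to memory exhaustion on a long-running endpoint. Add `pj_pool_release(tmp_pool);` before that return, or route all exits through a single cleanup label with a `status` variable so a later early return cannot miss the release. Any other return between the pool creation and the final block lies outside the hunks shown and should be checked the same way.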