worker: added safety check for selected DTLS ciphersuite prior to use

This avoids a crash when no DTLS ciphersuite is selected and adds a
test case for negotiation without DTLS.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Nikos Mavrogiannopoulos
2019-01-19 17:03:52 +01:00
parent 71ef4e4b6a
commit e0f847b984
6 changed files with 50 additions and 9 deletions


@@ -432,7 +432,6 @@ void header_value_check(struct worker_st *ws, struct http_req_st *req)
req->selected_ciphersuite = cand;
break;
case HEADER_DTLS12_CIPHERSUITE:
if (req->use_psk || !WSCONFIG(ws)->dtls_legacy)
break;


@@ -1751,7 +1751,7 @@ static void calc_mtu_values(worker_st * ws)
gnutls_cipher_get(ws->session),
gnutls_mac_get(ws->session));
}
} else {
} else if (ws->req.selected_ciphersuite) {
ws->dtls_crypto_overhead =
tls_get_overhead(ws->req.
selected_ciphersuite->gnutls_version,
@@ -2199,7 +2199,7 @@ static int connect_handler(worker_st * ws)
oclog(ws, LOG_INFO, "DTLS ciphersuite: "DTLS_PROTO_INDICATOR);
ret =
cstp_printf(ws, "X-DTLS-CipherSuite: "DTLS_PROTO_INDICATOR"\r\n");
} else {
} else if (ws->req.selected_ciphersuite) {
ret =
cstp_printf(ws, "X-DTLS-Session-ID: %s\r\n",
ws->buffer);
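Review bot: Both new `else if (ws->req.selected_ciphersuite)` guards fall through silently when the pointer is NULL: in calc_mtu_values `ws->dtls_crypto_overhead` is then left at whatever value it already held, and in connect_handler `ret` is not assigned by this chain and neither X-DTLS header is sent. The pointer appears to be filled from the client's ciphersuite header in header_value_check, so a peer can choose this path at will, and the resulting state deserves to be explicit rather than implied. I would add a closing branch in connect_handler such as `} else { oclog(ws, LOG_DEBUG, "no DTLS ciphersuite selected; DTLS not offered"); }` and a comment in calc_mtu_values stating which overhead value applies when DTLS is unused. Both function bodies continue outside the hunks, so whether `ret` is checked right after the chain and whether other dereferences of `selected_ciphersuite` remain unguarded cannot be confirmed from here.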