summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEdward Thomson <ethomson@edwardthomson.com>2018-01-03 14:57:25 -0600
committerGitHub <noreply@github.com>2018-01-03 14:57:25 -0600
commita223bae5cf7629fb77b2af0b0df9d02c634520c0 (patch)
tree5435e02eb3cbb0d69a3da44b3a86e3ef865a50e5
parent399c0b194045be1a7f6440347ce3e08ffc1b8584 (diff)
parentba56f781a91487ad657e1a72888c914b1cec5de9 (diff)
downloadlibgit2-a223bae5cf7629fb77b2af0b0df9d02c634520c0.tar.gz
Merge pull request #4437 from pks-t/pks/openssl-hash-errors
hash: openssl: check return values of SHA1_* functions
Diffstat
-rw-r--r--src/hash/hash_openssl.h21
-rw-r--r--src/streams/openssl.c18
2 files changed, 31 insertions, 8 deletions
diff --git a/src/hash/hash_openssl.h b/src/hash/hash_openssl.h
index 9a55d472d..048c2bdb3 100644
--- a/src/hash/hash_openssl.h
+++ b/src/hash/hash_openssl.h
@@ -23,21 +23,36 @@ struct git_hash_ctx {
GIT_INLINE(int) git_hash_init(git_hash_ctx *ctx)
{
assert(ctx);
- SHA1_Init(&ctx->c);
+
+ if (SHA1_Init(&ctx->c) != 1) {
+ giterr_set(GITERR_SHA1, "hash_openssl: failed to initialize hash context");
+ return -1;
+ }
+
return 0;
}
GIT_INLINE(int) git_hash_update(git_hash_ctx *ctx, const void *data, size_t len)
{
assert(ctx);
- SHA1_Update(&ctx->c, data, len);
+
+ if (SHA1_Update(&ctx->c, data, len) != 1) {
+ giterr_set(GITERR_SHA1, "hash_openssl: failed to update hash");
+ return -1;
+ }
+
return 0;
}
GIT_INLINE(int) git_hash_final(git_oid *out, git_hash_ctx *ctx)
{
assert(ctx);
- SHA1_Final(out->id, &ctx->c);
+
+ if (SHA1_Final(out->id, &ctx->c) != 1) {
+ giterr_set(GITERR_SHA1, "hash_openssl: failed to finalize hash");
+ return -1;
+ }
+
return 0;
}
diff --git a/src/streams/openssl.c b/src/streams/openssl.c
index 9d566074c..d00e98e02 100644
--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -282,8 +282,9 @@ static int ssl_set_error(SSL *ssl, int error)
case SSL_ERROR_SYSCALL:
e = ERR_get_error();
if (e > 0) {
- giterr_set(GITERR_NET, "SSL error: %s",
- ERR_error_string(e, NULL));
+ char errmsg[256];
+ ERR_error_string_n(e, errmsg, sizeof(errmsg));
+ giterr_set(GITERR_NET, "SSL error: %s", errmsg);
break;
} else if (error < 0) {
giterr_set(GITERR_OS, "SSL error: syscall failure");
@@ -293,10 +294,13 @@ static int ssl_set_error(SSL *ssl, int error)
return GIT_EEOF;
break;
case SSL_ERROR_SSL:
+ {
+ char errmsg[256];
e = ERR_get_error();
- giterr_set(GITERR_NET, "SSL error: %s",
- ERR_error_string(e, NULL));
+ ERR_error_string_n(e, errmsg, sizeof(errmsg));
+ giterr_set(GITERR_NET, "SSL error: %s", errmsg);
break;
+ }
case SSL_ERROR_NONE:
case SSL_ERROR_ZERO_RETURN:
default:
@@ -645,8 +649,12 @@ out_err:
int git_openssl__set_cert_location(const char *file, const char *path)
{
if (SSL_CTX_load_verify_locations(git__ssl_ctx, file, path) == 0) {
+ char errmsg[256];
+
+ ERR_error_string_n(ERR_get_error(), errmsg, sizeof(errmsg));
giterr_set(GITERR_SSL, "OpenSSL error: failed to load certificates: %s",
- ERR_error_string(ERR_get_error(), NULL));
+ errmsg);
+
return -1;
}
return 0;
View Lorry Controller Status