[Chicken-users] [PATCH 1/4] openssl: prevent truncation attacks
From: |
Florian Zumbiehl |
Subject: |
[Chicken-users] [PATCH 1/4] openssl: prevent truncation attacks |
Date: |
Tue, 2 Apr 2013 06:55:59 +0200 |
User-agent: |
Mutt/1.5.20 (2009-06-14) |
Fix unauthenticated data being passed directly from the socket to the port,
bypassing openssl, in order to prevent truncation attacks.
---
openssl.scm | 16 +++++++---------
1 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/openssl.scm b/openssl.scm
index b9b6baa..9433bcd 100644
--- a/openssl.scm
+++ b/openssl.scm
@@ -253,7 +253,8 @@ EOF
"unsigned char ch;\n"
"int ret;\n"
"switch (ret = SSL_read((SSL *)ssl, &ch, 1)) {\n"
- "case 0: return(C_SCHEME_END_OF_FILE);\n"
+ "case 0: return(SSL_get_error((SSL *)ssl, 0) ==
SSL_ERROR_ZERO_RETURN ?\n"
+ " C_SCHEME_END_OF_FILE : C_fix(0));\n"
"case 1: return(C_make_character(ch));\n"
"default: return(C_fix(ret));\n"
"}\n")
@@ -398,11 +399,10 @@ EOF
(lambda () (ssl-get-char ssl))
fd (tcp-read-timeout)
"SSL read timed out")))
- (if buffer
- (let ((ch buffer))
- (set! buffer #f)
- ch)
- #!eof))
+ (let ((ch buffer))
+ (unless (eof-object? buffer)
+ (set! buffer #f))
+ ch))
;; ready?
(lambda ()
(startup)
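Review bot: The read-char body now keeps #!eof in `buffer` instead of clearing it, so end-of-stream becomes sticky, but nothing says so; a comment above the `let` would make the invariant explicit: `;; buffer is #f (empty), a character, or #!eof; eof is kept so later reads never go back to the socket`. The same invariant applies to the peek-char body in the following hunk (lines 51-54), which now returns `buffer` as-is. Whether a sticky eof actually prevents another ssl-get-char call depends on the fill step above line 32, which presumably runs only when buffer is #f; that is worth confirming, since it is the point of the fix. Both enclosing lambdas begin before their hunks.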
@@ -427,9 +427,7 @@ EOF
(lambda () (ssl-get-char ssl))
fd (tcp-read-timeout)
"SSL read timed out")))
- (if buffer
- buffer
- #!eof)))))
+ buffer))))
(out
(make-output-port
;; write
--
1.7.2.5