Skip to content

Commit a223bae

Browse files
ethomsonethomson
authored
Merge pull request libgit2#4437 from pks-t/pks/openssl-hash-errors
hash: openssl: check return values of SHA1_* functions
2 parents 399c0b1 + ba56f78 commit a223bae

File tree

2 files changed

+31
-8
lines changed

2 files changed

+31
-8
lines changed

src/hash/hash_openssl.h

Lines changed: 18 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -23,21 +23,36 @@ struct git_hash_ctx {
2323
GIT_INLINE(int) git_hash_init(git_hash_ctx *ctx)
2424
{
2525
assert(ctx);
26-
SHA1_Init(&ctx->c);
26+
27+
if (SHA1_Init(&ctx->c) != 1) {
28+
giterr_set(GITERR_SHA1, "hash_openssl: failed to initialize hash context");
29+
return -1;
30+
}
31+
2732
return 0;
2833
}
2934

3035
GIT_INLINE(int) git_hash_update(git_hash_ctx *ctx, const void *data, size_t len)
3136
{
3237
assert(ctx);
33-
SHA1_Update(&ctx->c, data, len);
38+
39+
if (SHA1_Update(&ctx->c, data, len) != 1) {
40+
giterr_set(GITERR_SHA1, "hash_openssl: failed to update hash");
41+
return -1;
42+
}
43+
3444
return 0;
3545
}
3646

3747
GIT_INLINE(int) git_hash_final(git_oid *out, git_hash_ctx *ctx)
3848
{
3949
assert(ctx);
40-
SHA1_Final(out->id, &ctx->c);
50+
51+
if (SHA1_Final(out->id, &ctx->c) != 1) {
52+
giterr_set(GITERR_SHA1, "hash_openssl: failed to finalize hash");
53+
return -1;
54+
}
55+
4156
return 0;
4257
}
4358

src/streams/openssl.c

Lines changed: 13 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -282,8 +282,9 @@ static int ssl_set_error(SSL *ssl, int error)
282282
case SSL_ERROR_SYSCALL:
283283
e = ERR_get_error();
284284
if (e > 0) {
285-
giterr_set(GITERR_NET, "SSL error: %s",
286-
ERR_error_string(e, NULL));
285+
char errmsg[256];
286+
ERR_error_string_n(e, errmsg, sizeof(errmsg));
287+
giterr_set(GITERR_NET, "SSL error: %s", errmsg);
287288
break;
288289
} else if (error < 0) {
289290
giterr_set(GITERR_OS, "SSL error: syscall failure");
@@ -293,10 +294,13 @@ static int ssl_set_error(SSL *ssl, int error)
293294
return GIT_EEOF;
294295
break;
295296
case SSL_ERROR_SSL:
297+
{
298+
char errmsg[256];
296299
e = ERR_get_error();
297-
giterr_set(GITERR_NET, "SSL error: %s",
298-
ERR_error_string(e, NULL));
300+
ERR_error_string_n(e, errmsg, sizeof(errmsg));
301+
giterr_set(GITERR_NET, "SSL error: %s", errmsg);
299302
break;
303+
}
300304
case SSL_ERROR_NONE:
301305
case SSL_ERROR_ZERO_RETURN:
302306
default:
@@ -645,8 +649,12 @@ int git_openssl_stream_new(git_stream **out, const char *host, const char *port)
645649
int git_openssl__set_cert_location(const char *file, const char *path)
646650
{
647651
if (SSL_CTX_load_verify_locations(git__ssl_ctx, file, path) == 0) {
652+
char errmsg[256];
653+
654+
ERR_error_string_n(ERR_get_error(), errmsg, sizeof(errmsg));
648655
giterr_set(GITERR_SSL, "OpenSSL error: failed to load certificates: %s",
649-
ERR_error_string(ERR_get_error(), NULL));
656+
errmsg);
657+
650658
return -1;
651659
}
652660
return 0;

0 commit comments

Comments
 (0)