From 063d28ec838967ab3b25cf184895d254d5c7ff7e Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 11 Feb 2017 15:56:47 +0200 Subject: [PATCH] OpenSSL: Reject empty cipher list in tls_connection_set_cipher_list() Previously, this invalid call would have resulted in printing out a string from uninitialized memory Signed-off-by: Jouni Malinen --- src/crypto/tls_openssl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index a7a779380..cc96a582c 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -4437,6 +4437,10 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, c++; } + if (!buf[0]) { + wpa_printf(MSG_DEBUG, "OpenSSL: No ciphers listed"); + return -1; + } wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);