https://bugs.exim.org/show_bug.cgi?id=2317
Bug ID: 2317
Summary: Missing Error Check in function SSL_CTX_set_cipher_list()
Product: Exim
Version: 4.91
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: jgh146exb@???
Reporter: chi-li18@???
CC: exim-dev@???
The function SSL_CTX_set_cipher_list() returns 1 if any cipher could be
selected and 0 on complete failure. However, the call to
SSL_CTX_set_cipher_list() below does not check whether the return value is 0.
The unchecked return value.
line: 1242
SSL_CTX_set_cipher_list(server_sni, CS cbinfo->server_cipher_list);
ref:
https://github.com/Exim/exim/blob/exim-4_91%2Bfixes/src/src/tls-openssl.c
===================================================================
The specification about function SSL_CTX_set_cipher_list():
ref:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_cipher_list.html
We find the return value of this call being checked in the same file,
such as:
2000: if (!SSL_CTX_set_cipher_list(server_ctx, CS expciphers))
2001: return tls_error(US"SSL_CTX_set_cipher_list", NULL, NULL, errstr);
2337: if (!SSL_CTX_set_cipher_list(client_ctx, CS expciphers))
2338: return tls_error(US"SSL_CTX_set_cipher_list", host, NULL, errstr);
2858: if (!SSL_CTX_set_cipher_list(ctx, CS expciphers))
2859: {
2860: ERR_error_string(ERR_get_error(), ssl_errstring);
2861: err = string_sprintf("SSL_CTX_set_cipher_list(%s) failed: %s",
2862: expciphers, ssl_errstring);
2863: }
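Added example, not part of the original report or of Exim's code: Python's ssl module passes the string to the same OpenSSL function and raises ssl.SSLError when it returns 0, so it can show the difference between the unchecked call at line 1242 and the checked call sites. The helper names and the two cipher strings are constructed for illustration.

```python
import ssl

VALID = "HIGH:!aNULL:!MD5"   # constructed sample: a well-formed cipher string
BOGUS = "NO-SUCH-CIPHER"     # constructed sample: matches no cipher at all


def apply_unchecked(ctx, cipher_string):
    """Like the call at line 1242: the result is thrown away."""
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        pass  # same effect as ignoring a 0 return value


def apply_checked(ctx, cipher_string):
    """Like the checked call sites: return an error message, or None on success."""
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError as exc:
        return f"SSL_CTX_set_cipher_list({cipher_string}) failed: {exc}"
    return None


def cipher_names(ctx):
    """Names of the cipher suites the context would currently offer."""
    return [c["name"] for c in ctx.get_ciphers()]


if __name__ == "__main__":
    for cipher_string in (VALID, BOGUS):
        unchecked = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        apply_unchecked(unchecked, cipher_string)  # caller learns nothing
        checked = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        error = apply_checked(checked, cipher_string)
        print(f"{cipher_string!r}: checked call reports {error or 'success'}")
        # What a context holds after a failed call depends on the OpenSSL
        # build, so it is printed here rather than assumed.
        print(f"  unchecked context offers {len(cipher_names(unchecked))} suites")
```

With the unchecked variant a mistyped cipher string goes unnoticed and the context keeps running with a cipher list other than the one configured; the checked variant surfaces the error so the caller can refuse to continue.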