Return immediately when cipher-string processing fails. Rather than clear variables and break out of a loop that just ends up returning anyway, just return. This makes all the abort points consistent in this function. Change-Id: I51d862e7c60a9e967773f15a17480b783af8c456 Reviewed-on: https://boringssl-review.googlesource.com/11422 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 8c76419..946336f 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -1179,12 +1179,11 @@ uint32_t alg_mkey, alg_auth, alg_enc, alg_mac; uint16_t min_version; const char *l, *buf; - int multi, skip_rule, rule, retval, ok, in_group = 0, has_group = 0; + int multi, skip_rule, rule, ok, in_group = 0, has_group = 0; size_t j, buf_len; uint32_t cipher_id; char ch; - retval = 1; l = rule_str; for (;;) { ch = *l; @@ -1210,8 +1209,7 @@ } else if (!(ch >= 'a' && ch <= 'z') && !(ch >= 'A' && ch <= 'Z') && !(ch >= '0' && ch <= '9')) { OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP); - retval = in_group = 0; - break; + return 0; } else { rule = CIPHER_ADD; } @@ -1230,8 +1228,7 @@ } else if (ch == '[') { if (in_group) { OPENSSL_PUT_ERROR(SSL, SSL_R_NESTED_GROUP); - retval = in_group = 0; - break; + return 0; } in_group = 1; has_group = 1; @@ -1245,8 +1242,7 @@ * Otherwise the in_group bits will get mixed up. */ if (has_group && rule != CIPHER_ADD) { OPENSSL_PUT_ERROR(SSL, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS); - retval = in_group = 0; - break; + return 0; } if (ITEM_SEP(ch)) { @@ -1360,7 +1356,7 @@ } if (ok == 0) { - retval = 0; + return 0; } /* We do not support any "multi" options together with "@", so throw away @@ -1376,10 +1372,10 @@ if (in_group) { OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMMAND); - retval = 0; + return 0; } - return retval; + return 1; } STACK_OF(SSL_CIPHER) *
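Review bot: The new `return 0;` after `SSL_R_UNEXPECTED_OPERATOR_IN_GROUP` (hunk `@@ -1210,8 +1209,7 @@`) exits in the middle of the rule string, and nothing visible tells a caller what state the cipher list is in at that point. The loop handles one rule per iteration, so rules ahead of the bad one have presumably already been applied; a caller that ignores the zero return would then keep a partly configured list. I would document that in the function's header comment, e.g. `/* Returns one on success and zero on failure. On failure the list may be partially modified and must be discarded by the caller. */`. The same applies to the `SSL_R_NESTED_GROUP` and `SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS` returns in the next two hunks. The function's signature and header are outside the hunks, so confirm the wording against them.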
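Review bot: The `if (ok == 0)` branch in hunk `@@ -1360,7 +1356,7 @@` is a behaviour change, not only a simplification. The removed line set `retval = 0` with no `break`, so the old loop kept processing the rest of the rule string before returning zero, whereas `return 0;` now stops at the first failure. The return value is unchanged, but the commit description only covers the break-and-return paths, so a comment here would help, e.g. `/* Stop at the first failed command; the remaining rules are not processed. */`. The code that sets `ok` lies outside the hunk, so whether an error is always queued on this path cannot be confirmed from here.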
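Review bot: In hunk `@@ -1376,10 +1372,10 @@` the trailing `if (in_group)` check has a narrower meaning after this change, and the code does not say so. Every error path visible in this diff now returns directly instead of clearing `in_group` and breaking, so the check can only fire when the rule string ends inside an open `[` group. It still reports the generic `SSL_R_INVALID_COMMAND`, so I would add a comment above it such as `/* The rule string ended inside an unterminated '[' group. */`. The loop's normal exit is outside the hunk, so this assumes no remaining `break` reaches the check with `in_group` set for another reason.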