libsec: handle missing signature case; can happen because some ciphers make it optional

author: cinap_lenrek <cinap_lenrek@felloff.net> 2015-09-22 19:11:54 +0200
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2015-09-22 19:11:54 +0200
commit: ada54defbcb037f8858b475f90ef215b7d1b44a6 (patch)
tree: 16cc7bfa2420d91829a57f709d491cfd08380b6e
parent: 2c4d3dd510a806344e4a3c6507d7f397a68c980c (diff)
download: plan9front-ada54defbcb037f8858b475f90ef215b7d1b44a6.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c
index 8f5c570d3..4a2e4f481 100644
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -981,6 +981,9 @@ verifyDHparams(TlsConnection *c, Bytes *par, Bytes *sig, int sigalg)
 	RSApub *pk;
 	char *err;
 
+	if(sig == nil || sig->len <= 0)
+		return "no signature";
+
 	pk = X509toRSApub(c->cert->data, c->cert->len, nil, 0);
 	if(pk == nil)
 		return "bad certificate";
@@ -1767,7 +1770,7 @@ msgRecv(TlsConnection *c, Msg *m)
 			p += nn, n -= nn;
 		} else {
 			/* should not happen */
-			break;
+			goto Short;
 		}
 		m->u.serverKeyExchange.dh_parameters = makebytes(s, p - s);
 		if(n >= 2){
author	cinap_lenrek <cinap_lenrek@felloff.net>	2015-09-22 19:11:54 +0200
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2015-09-22 19:11:54 +0200
commit	ada54defbcb037f8858b475f90ef215b7d1b44a6 (patch)
tree	16cc7bfa2420d91829a57f709d491cfd08380b6e
parent	2c4d3dd510a806344e4a3c6507d7f397a68c980c (diff)
download	plan9front-ada54defbcb037f8858b475f90ef215b7d1b44a6.tar.xz