Return immediately when cipher-string processing fails.
Rather than clear variables and break out of a loop that just ends up
returning anyway, just return. This makes all the abort points
consistent in this function.
Change-Id: I51d862e7c60a9e967773f15a17480b783af8c456
Reviewed-on: https://boringssl-review.googlesource.com/11422
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 8c76419..946336f 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -1179,12 +1179,11 @@
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
uint16_t min_version;
const char *l, *buf;
- int multi, skip_rule, rule, retval, ok, in_group = 0, has_group = 0;
+ int multi, skip_rule, rule, ok, in_group = 0, has_group = 0;
size_t j, buf_len;
uint32_t cipher_id;
char ch;
- retval = 1;
l = rule_str;
for (;;) {
ch = *l;
@@ -1210,8 +1209,7 @@
} else if (!(ch >= 'a' && ch <= 'z') && !(ch >= 'A' && ch <= 'Z') &&
!(ch >= '0' && ch <= '9')) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP);
- retval = in_group = 0;
- break;
+ return 0;
} else {
rule = CIPHER_ADD;
}
@@ -1230,8 +1228,7 @@
} else if (ch == '[') {
if (in_group) {
OPENSSL_PUT_ERROR(SSL, SSL_R_NESTED_GROUP);
- retval = in_group = 0;
- break;
+ return 0;
}
in_group = 1;
has_group = 1;
@@ -1245,8 +1242,7 @@
* Otherwise the in_group bits will get mixed up. */
if (has_group && rule != CIPHER_ADD) {
OPENSSL_PUT_ERROR(SSL, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS);
- retval = in_group = 0;
- break;
+ return 0;
}
if (ITEM_SEP(ch)) {
@@ -1360,7 +1356,7 @@
}
if (ok == 0) {
- retval = 0;
+ return 0;
}
/* We do not support any "multi" options together with "@", so throw away
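Review bot: The `return 0;` under `if (ok == 0)` changes behaviour, unlike the other abort points: the old code set `retval = 0` with no `break`, so the loop went on to skip the rest of the command and parse the remaining rules, whereas parsing now stops at the first failed special command. The return value is still 0, so this only matters if a caller reads the cipher list after a failure, which is not visible from this hunk. It is worth confirming that callers discard the list on a 0 return, because a partly processed rule string would presumably leave a cipher preference different from the one configured. I would record the contract above the return, for example `/* Stop at the first failed command; callers must not use the list after a 0 return. */`, and mention the change in the commit message, which currently describes every site as a loop exit that returned anyway. The enclosing function starts and ends outside this hunk.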
@@ -1376,10 +1372,10 @@
if (in_group) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_COMMAND);
- retval = 0;
+ return 0;
}
- return retval;
+ return 1;
}
STACK_OF(SSL_CIPHER) *