Bug 1308847 - coverity check ssl3_config_match_init return value, r=mt
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Sun, 09 Oct 2016 15:53:03 +0200
changeset 12693 19235044514fb03ba9ee3e3b8ccc82d90ef0ff3d
parent 12692 ba8410f84629248e320faf28843735a26a74b9d2
child 12694 d9b87af2a0537ca63745b9ce2203741182e5e3f9
push id1647
push userfranziskuskiefer@gmail.com
push dateMon, 10 Oct 2016 06:42:02 +0000
reviewersmt
bugs1308847
Bug 1308847 - coverity check ssl3_config_match_init return value, r=mt Differential Revision: https://nss-dev.phacility.com/D75
lib/ssl/ssl3con.c
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -6620,17 +6620,22 @@ ssl3_HandleServerHello(sslSocket *ss, SS
         }
     }
 
     /* find selected cipher suite in our list. */
     temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
     if (temp < 0) {
         goto loser; /* alert has been sent */
     }
-    ssl3_config_match_init(ss);
+    i = ssl3_config_match_init(ss);
+    PORT_Assert(i > 0);
+    if (i <= 0) {
+        errCode = PORT_GetError();
+        goto loser;
+    }
     for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
         ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
         if (temp == suite->cipher_suite) {
             SSLVersionRange vrange = { ss->version, ss->version };
             if (!config_match(suite, ss->ssl3.policy, &vrange, ss)) {
                 /* config_match already checks whether the cipher suite is
                  * acceptable for the version, but the check is repeated here
                  * in order to give a more precise error code. */