vtls: Don't accept unknown CURLOPT_SSLVERSION values

author Jay Satiro <raysatiro@yahoo.com>

Fri, 27 Mar 2015 06:20:43 +0000 (02:20 -0400)

committer Daniel Stenberg <daniel@haxx.se>

Fri, 27 Mar 2015 08:32:23 +0000 (09:32 +0100)
author Jay Satiro <raysatiro@yahoo.com>
Fri, 27 Mar 2015 06:20:43 +0000 (02:20 -0400)
committer Daniel Stenberg <daniel@haxx.se>
Fri, 27 Mar 2015 08:32:23 +0000 (09:32 +0100)
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c

index 12427c17ca2e602709838f1a9fa8ccfdd828ddba..42a2b58a0fe2b788e19f1f7e6ebc8cc3342ecdad 100644 (file)
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -276,10 +276,25 @@ void Curl_ssl_cleanup(void)
    }
  }
  
+static bool ssl_prefs_check(struct SessionHandle *data)
+{
+  /* check for CURLOPT_SSLVERSION invalid parameter value */
+  if((data->set.ssl.version < 0)
+     || (data->set.ssl.version >= CURL_SSLVERSION_LAST)) {
+    failf(data, "Unrecognized parameter value passed via CURLOPT_SSLVERSION");
+    return FALSE;
+  }
+  return TRUE;
+}
+
  CURLcode
  Curl_ssl_connect(struct connectdata *conn, int sockindex)
  {
    CURLcode result;
+
+  if(!ssl_prefs_check(conn->data))
+    return CURLE_SSL_CONNECT_ERROR;
+
    /* mark this is being ssl-enabled from here on. */
    conn->ssl[sockindex].use = TRUE;
    conn->ssl[sockindex].state = ssl_connection_negotiating;
@@ -297,6 +312,10 @@ Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
                               bool *done)
  {
    CURLcode result;
+
+  if(!ssl_prefs_check(conn->data))
+    return CURLE_SSL_CONNECT_ERROR;
+
    /* mark this is being ssl requested from here on. */
    conn->ssl[sockindex].use = TRUE;
  #ifdef curlssl_connect_nonblocking
author	Jay Satiro <raysatiro@yahoo.com>
	Fri, 27 Mar 2015 06:20:43 +0000 (02:20 -0400)
committer	Daniel Stenberg <daniel@haxx.se>
	Fri, 27 Mar 2015 08:32:23 +0000 (09:32 +0100)