security/openvpn/files/patch-629baad8


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

commit 629baad8f89af261445a2ace03694601f8e476f9
Author: Steffan Karger <steffan@karger.me>
Date:   Fri May 13 08:54:52 2016 +0200

    Fix polarssl / mbedtls builds
    
    Commit 8a399cd3 hardened the OpenSSL default cipher list,
    but also introduced a change in shared code that causes
    polarssl / mbedtls builds to break when no --tls-cipher is
    specified.
    
    This fix is backported code from the master branch.
    
    Signed-off-by: Steffan Karger <steffan@karger.me>
    Acked-by: Gert Doering <gert@greenie.muc.de>
    Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me>
    URL: http://article.gmane.org/gmane.network.openvpn.devel/11647
    Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
index 1f58369..9263698 100644
--- ./src/openvpn/ssl_polarssl.c
+++ ./src/openvpn/ssl_polarssl.c
@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
 {
   char *tmp_ciphers, *tmp_ciphers_orig, *token;
   int i, cipher_count;
-  int ciphers_len = strlen (ciphers);
+  int ciphers_len;
+
+  if (NULL == ciphers)
+    return; /* Nothing to do */
+
+  ciphers_len = strlen (ciphers);
 
   ASSERT (NULL != ctx);
   ASSERT (0 != ciphers_len);