OpenSSL ssl_base64_encode(): Fix buffer size check

[privoxy.git] / openssl.c

diff --git a/openssl.c b/openssl.c
index e3717af..fe4da8f 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -229,6 +229,11 @@ extern int ssl_recv_data(struct ssl_attr *ssl_attr, unsigned char *buf, size_t m
       ret = BIO_read(bio, buf, (int)max_length);
    } while (ret <= 0 && BIO_should_retry(bio));
 
+   if (BIO_get_ssl(bio, &ssl) == 1)
+   {
+      fd = SSL_get_fd(ssl);
+   }
+
    if (ret < 0)
    {
       log_ssl_errors(LOG_LEVEL_ERROR,
@@ -237,11 +242,6 @@ extern int ssl_recv_data(struct ssl_attr *ssl_attr, unsigned char *buf, size_t m
       return -1;
    }
 
-   if (BIO_get_ssl(bio, &ssl) == 1)
-   {
-      fd = SSL_get_fd(ssl);
-   }
-
    log_error(LOG_LEVEL_RECEIVED, "TLS from socket %d: %N",
       fd, ret, buf);
 
@@ -1287,7 +1287,7 @@ extern int ssl_base64_encode(unsigned char *dst, size_t dlen, size_t *olen,
                              const unsigned char *src, size_t slen)
 {
    *olen = 4 * ((slen/3)  + ((slen%3) ? 1 : 0)) + 1;
-   if (*olen < dlen)
+   if (*olen > dlen)
    {
       return ENOBUFS;
    }
@@ -1616,8 +1616,6 @@ static int ssl_certificate_is_invalid(const char *cert_file)
 
    if (!(cert = ssl_certificate_load(cert_file)))
    {
-      log_ssl_errors(LOG_LEVEL_ERROR,
-         "Error reading certificate file %s", cert_file);
       return 1;
    }
 
@@ -1647,7 +1645,7 @@ static int ssl_certificate_is_invalid(const char *cert_file)
  *          3  :  nid = OpenSSL NID
  *          4  :  value = extension value
  *
- * Returns     :   0 => Error while setting extensuon data
+ * Returns     :   0 => Error while setting extension data
  *                 1 => It worked
  *
  *********************************************************************/