diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod
index a250f20c2206676606d5fe9d3fedbe1d1da1ee9b..2757ccb91d133a840f90ccce847b37e5e100aca9 100644
--- a/doc/man3/SSL_CTX_set1_curves.pod
+++ b/doc/man3/SSL_CTX_set1_curves.pod
@@ -32,6 +32,9 @@ SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve
 =head1 DESCRIPTION
+For all of the functions below that set the supported groups there must be at
+least one group in the list.
+
 SSL_CTX_set1_groups() sets the supported groups for B to B groups in the array B. The array consist of all NIDs of groups in preference order. For a TLS client the groups are used directly in the
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 156497988a622e3484fbca499fe307dbbcf9f2ec..b8b9fbda3900cb67da0d206db34279e98523a831 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -343,6 +343,10 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen,
 */
 unsigned long dup_list = 0;
+ if (ngroups == 0) {
+ SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH);
+ return 0;
+ }
 if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) {
 SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE);
 return 0;
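Review bot: The new guard in tls1_set_groups rejects only an empty list; the allocation on the next context line still computes `ngroups * sizeof(*glist)` with no upper bound, so a very large count could wrap the size and under-allocate. ngroups is declared outside the hunk (presumably a size_t supplied by the caller), so this needs confirming against the full signature. If it holds, the same check can cover both ends: `if (ngroups == 0 || ngroups > SIZE_MAX / sizeof(*glist)) {`. A short comment above the check, such as `/* An empty group list is never valid; reject it before allocating. */`, would also record why zero is refused rather than left to the allocator. The function body starts and ends outside this hunk.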