If we're going to return errors (no matter how stupid), then we should

test for them!
2008-12-29 16:11:58 +00:00
parent 8aa02e97a7
commit 0eab41fb78
28 changed files with 168 additions and 55 deletions
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -522,6 +522,7 @@ int ssl3_accept(SSL *s)
 				{
 				int offset=0;
 				int dgst_num;
+
 				s->state=SSL3_ST_SR_CERT_VRFY_A;
 				s->init_num=0;

@@ -536,8 +537,16 @@ int ssl3_accept(SSL *s)
 				for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)	
 					if (s->s3->handshake_dgst[dgst_num]) 
 						{
+						int dgst_size;
+
 						s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset]));
-						offset+=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
+						dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
+						if (dgst_size < 0)
+							{
+							ret = -1;
+							goto end;
+							}
+						offset+=dgst_size;
 						}		
 				}
 			break;