generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Sanity check cookie_len

Browse Source 
Add a sanity check that the cookie_len returned by app_gen_cookie_cb is
valid.

Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
Matt Caswell 2015-09-23 12:57:34 +01:00
parent 468f043ece
commit 373dc6e196
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ssl/d1_lib.c
View File

@ -754,7 +754,8 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
/* Generate the cookie */ /* Generate the cookie */
if (s->ctx->app_gen_cookie_cb == NULL || if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0) { s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
cookielen > 255) {
SSLerr(SSL_F_DTLS1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); SSLerr(SSL_F_DTLS1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
/* This is fatal */ /* This is fatal */
return -1; return -1;

5
ssl/d1_srvr.c
View File

@ -888,9 +888,10 @@ int dtls1_send_hello_verify_request(SSL *s)
if (s->ctx->app_gen_cookie_cb == NULL || if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, s->d1->cookie, s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
&(s->d1->cookie_len)) == 0) { &(s->d1->cookie_len)) == 0 ||
s->d1->cookie_len > 255) {
SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
ERR_R_INTERNAL_ERROR); SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
s->state = SSL_ST_ERR; s->state = SSL_ST_ERR;
return 0; return 0;
} }