Security fixes brought forward from 0.9.7.

2002-11-13 15:43:43 +00:00
parent 8f797f14b8
commit 54a656ef08
115 changed files with 806 additions and 509 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -125,6 +125,7 @@
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
+#include "cryptlib.h"

 const char *SSL_version_str=OPENSSL_VERSION_TEXT;

@@ -277,6 +278,7 @@ SSL *SSL_new(SSL_CTX *ctx)
 	s->verify_mode=ctx->verify_mode;
 	s->verify_depth=ctx->verify_depth;
 	s->sid_ctx_length=ctx->sid_ctx_length;
+	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
 	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
 	s->verify_callback=ctx->default_verify_callback;
 	s->generate_session_id=ctx->generate_session_id;
@@ -318,7 +320,7 @@ err:
 int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
 				   unsigned int sid_ctx_len)
    {
-    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+    if(sid_ctx_len > sizeof ctx->sid_ctx)
 	{
 	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
 	return 0;
@@ -368,6 +370,10 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
 	 * any new session built out of this id/id_len and the ssl_version in
 	 * use by this SSL. */
 	SSL_SESSION r, *p;
+
+	if(id_len > sizeof r.session_id)
+		return 0;
+
 	r.ssl_version = ssl->version;
 	r.session_id_length = id_len;
 	memcpy(r.session_id, id, id_len);