Sanity check the return from final_finish_mac
The return value is checked for 0. This is currently safe but we should really check for <= 0 since -1 is frequently used for error conditions. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit c427570e5098e120cbcb66e799f85c317aac7b91) Conflicts: ssl/ssl_locl.h
This commit is contained in:
parent
99ceb2d40c
commit
75862f7741
@ -168,7 +168,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
|
|||||||
i = s->method->ssl3_enc->final_finish_mac(s,
|
i = s->method->ssl3_enc->final_finish_mac(s,
|
||||||
sender, slen,
|
sender, slen,
|
||||||
s->s3->tmp.finish_md);
|
s->s3->tmp.finish_md);
|
||||||
if (i == 0)
|
if (i <= 0)
|
||||||
return 0;
|
return 0;
|
||||||
s->s3->tmp.finish_md_len = i;
|
s->s3->tmp.finish_md_len = i;
|
||||||
memcpy(p, s->s3->tmp.finish_md, i);
|
memcpy(p, s->s3->tmp.finish_md, i);
|
||||||
|
@ -1230,7 +1230,6 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
|
|||||||
int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
|
int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
|
||||||
|
|
||||||
int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
|
int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
|
||||||
int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
|
|
||||||
int dtls1_read_failed(SSL *s, int code);
|
int dtls1_read_failed(SSL *s, int code);
|
||||||
int dtls1_buffer_message(SSL *s, int ccs);
|
int dtls1_buffer_message(SSL *s, int ccs);
|
||||||
int dtls1_retransmit_message(SSL *s, unsigned short seq,
|
int dtls1_retransmit_message(SSL *s, unsigned short seq,
|
||||||
|
Loading…
x
Reference in New Issue
Block a user