Implement known-IV countermeasure.

Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
Bodo Möller
2002-04-13 22:51:26 +00:00
parent f89db4020f
commit a9ab63c01c
9 changed files with 306 additions and 49 deletions


@@ -727,7 +727,7 @@ static int ssl3_get_client_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err;
}
if ((i+p) > (d+n))
if ((p+i) >= (d+n))
{
/* not enough data */
al=SSL_AD_DECODE_ERROR;
@@ -784,6 +784,13 @@ static int ssl3_get_client_hello(SSL *s)
/* compression */
i= *(p++);
if ((p+i) > (d+n))
{
/* not enough data */
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
goto f_err;
}
q=p;
for (j=0; j<i; j++)
{
@@ -831,7 +838,7 @@ static int ssl3_get_client_hello(SSL *s)
/* TLS does not mind if there is extra stuff */
if (s->version == SSL3_VERSION)
{
if (p > (d+n))
if (p < (d+n))
{
/* wrong number of bytes,
* there could be more to follow */
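Review bot: The bounds checks `if ((p+i) >= (d+n))` in the first hunk and the added `if ((p+i) > (d+n))` in the second hunk compute the pointer `p+i` before it is known to lie inside the message, and in the second hunk `i` is read straight from the ClientHello (`i= *(p++);`). Forming a pointer more than one past the end of the underlying buffer is undefined behaviour in C, so the comparison is not guaranteed to catch an oversized length; comparing lengths instead avoids this: `if (i >= (d+n)-p)` and `if (i > (d+n)-p)`. The first check would also benefit from a one-line comment saying why it uses `>=` (presumably because at least the compression-count byte must follow the cipher list), so the two checks are not made to match later by mistake. ssl3_get_client_hello starts and ends outside these hunks, so the declared types of `i`, `d` and `n` should be confirmed before changing the comparison.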