generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

OpenSSL Security Advisory [30 July 2002]

Browse Source 
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
Submitted by:
Reviewed by:
PR:
This commit is contained in:
Lutz Jänicke
2002-07-30 10:19:01 +00:00
parent d12eb7b024
commit bb41724483
17 changed files with 158 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ssl/s3_clnt.c
View File

@@ -117,6 +117,7 @@
#include <openssl/sha.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@@ -545,6 +546,7 @@ static int ssl3_client_hello(SSL *s)
*(p++)=i;
if (i != 0)
{
die(i <= sizeof s->session->session_id);
memcpy(p,s->session->session_id,i);
p+=i;
}
@@ -626,6 +628,14 @@ static int ssl3_get_server_hello(SSL *s)
/* get the session-id */
j= *(p++);
if(j > sizeof s->session->session_id)
{
al=SSL_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
SSL_R_SSL3_SESSION_ID_TOO_LONG);
goto f_err;
}
if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
{
/* SSLref returns 16 :-( */