generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Increase wbuf by one byte to fix the bug reported by

Browse Source 
Eric Day <eday@concentric.net> to openssl-dev@openssl.org,
Message-ID: <20001218013437.A5526@concentric.net>
This commit is contained in:
Bodo Möller 2000-12-18 11:23:23 +00:00
parent 555a8493cd
commit fc4868cb47
4 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -4,6 +4,11 @@
Changes between 0.9.6 and 0.9.6a [xx XXX 2000] Changes between 0.9.6 and 0.9.6a [xx XXX 2000]
*) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
when writing a 32767 byte record.
[Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
*) rand_win.c fix for Borland C. *) rand_win.c fix for Borland C.
[Ulf Möller] [Ulf Möller]

8
ssl/s2_lib.c
View File

@ -270,10 +270,16 @@ int ssl2_new(SSL *s)
if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err; if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
memset(s2,0,sizeof *s2); memset(s2,0,sizeof *s2);
#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
# error "assertion failed"
#endif
if ((s2->rbuf=OPENSSL_malloc( if ((s2->rbuf=OPENSSL_malloc(
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
/* wbuf needs one byte more because when using two-byte headers,
* we leave the first byte unused in do_ssl_write (s2_pkt.c) */
if ((s2->wbuf=OPENSSL_malloc( if ((s2->wbuf=OPENSSL_malloc(
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
s->s2=s2; s->s2=s2;
ssl2_clear(s); ssl2_clear(s);

7
ssl/s2_pkt.c
View File

@ -541,6 +541,9 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
{ {
bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx); bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
j=len+mac_size; j=len+mac_size;
/* Two-byte headers allow for a larger record length than
* three-byte headers, but we can't use them if we need
* padding or if we have to set the escape bit. */
if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) && if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
(!s->s2->escape)) (!s->s2->escape))
{ {
@ -560,7 +563,7 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
s->s2->three_byte_header=0; s->s2->three_byte_header=0;
p=0; p=0;
} }
else /* 3 byte header */ else /* we may have to use a 3 byte header */
{ {
/*len=len; */ /*len=len; */
p=(j%bs); p=(j%bs);
@ -574,7 +577,7 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
/* mac_size is the number of MAC bytes /* mac_size is the number of MAC bytes
* len is the number of data bytes we are going to send * len is the number of data bytes we are going to send
* p is the number of padding bytes * p is the number of padding bytes
* if p == 0, it is a 2 byte header */ * (if it is a two-byte header, then p == 0) */
s->s2->wlength=len; s->s2->wlength=len;
s->s2->padding=p; s->s2->padding=p;

6
ssl/ssl2.h
View File

@ -134,11 +134,11 @@ extern "C" {
/* Upper/Lower Bounds */ /* Upper/Lower Bounds */
#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
#ifdef MPE #ifdef MPE
#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)29998 #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
#else #else
#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)32767 #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
#endif #endif
#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /**/ #define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
#define SSL2_CHALLENGE_LENGTH 16 #define SSL2_CHALLENGE_LENGTH 16
/*#define SSL2_CHALLENGE_LENGTH 32 */ /*#define SSL2_CHALLENGE_LENGTH 32 */