diff options
author | nectar <nectar@FreeBSD.org> | 2002-08-10 01:46:10 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2002-08-10 01:46:10 +0000 |
commit | c99c2264cb2cf6c4f161218c15b8e9a3072526e5 (patch) | |
tree | 3c9559c80a7fe01c85e2dfbadcb9f84770a7e8e6 /crypto/openssl/ssl/s2_clnt.c | |
parent | c48e8e3d25b5b1f6a1783f1e469b5aff8e6c8e29 (diff) | |
download | FreeBSD-src-c99c2264cb2cf6c4f161218c15b8e9a3072526e5.zip FreeBSD-src-c99c2264cb2cf6c4f161218c15b8e9a3072526e5.tar.gz |
Import of OpenSSL 0.9.6f.
Diffstat (limited to 'crypto/openssl/ssl/s2_clnt.c')
-rw-r--r-- | crypto/openssl/ssl/s2_clnt.c | 41 |
1 files changed, 32 insertions, 9 deletions
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c index 2a6837d..236b394 100644 --- a/crypto/openssl/ssl/s2_clnt.c +++ b/crypto/openssl/ssl/s2_clnt.c @@ -518,7 +518,12 @@ static int get_server_hello(SSL *s) } s->s2->conn_id_length=s->s2->tmp.conn_id_length; - die(s->s2->conn_id_length <= sizeof s->s2->conn_id); + if (s->s2->conn_id_length > sizeof s->s2->conn_id) + { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG); + return -1; + } memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); return(1); } @@ -620,7 +625,12 @@ static int client_master_key(SSL *s) /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; - die(i <= SSL_MAX_KEY_ARG_LENGTH); + if (i > SSL_MAX_KEY_ARG_LENGTH) + { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); + return -1; + } if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ @@ -628,7 +638,12 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { - die(i <= sizeof sess->master_key); + if (i > sizeof sess->master_key) + { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); + return -1; + } if (RAND_bytes(sess->master_key,i) <= 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -672,7 +687,12 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ - die(karg <= sizeof sess->key_arg); + if (karg > sizeof sess->key_arg) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); + return -1; + } memcpy(d,sess->key_arg,(unsigned int)karg); d+=karg; @@ -693,7 +713,11 @@ static int client_finished(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_CLIENT_FINISHED; - die(s->s2->conn_id_length <= sizeof s->s2->conn_id); + if (s->s2->conn_id_length > sizeof s->s2->conn_id) + { + SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR); + return -1; + } memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; @@ -950,10 +974,9 @@ static int get_server_finished(SSL *s) { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { - die(s->session->session_id_length - <= sizeof s->session->session_id); - if (memcmp(buf,s->session->session_id, - (unsigned int)s->session->session_id_length) != 0) + if ((s->session->session_id_length > sizeof s->session->session_id) + || (0 != memcmp(buf, s->session->session_id, + (unsigned int)s->session->session_id_length))) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); |