diff options
| author | Renato Botelho <renato@netgate.com> | 2016-09-23 13:44:42 -0300 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2016-09-23 13:44:42 -0300 |
| commit | e2276f438816f5c921df6d320a98e6b90a1e613d (patch) | |
| tree | 79b8811cc54b543a6b62ef758dccc6d9391d5072 /crypto/openssl/ssl/s3_clnt.c | |
| parent | 5a5f882809260c3079797ed53b1a007ca40a0924 (diff) | |
| parent | eaf14f8188deb08bcb1fa48ab854b3a3ab8bf939 (diff) | |
| download | FreeBSD-src-e2276f438816f5c921df6d320a98e6b90a1e613d.zip FreeBSD-src-e2276f438816f5c921df6d320a98e6b90a1e613d.tar.gz | |
Merge remote-tracking branch 'origin/releng/10.3' into RELENG_2_3_2
Diffstat (limited to 'crypto/openssl/ssl/s3_clnt.c')
| -rw-r--r-- | crypto/openssl/ssl/s3_clnt.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c index cfa5080..d2ce813 100644 --- a/crypto/openssl/ssl/s3_clnt.c +++ b/crypto/openssl/ssl/s3_clnt.c @@ -1143,6 +1143,12 @@ int ssl3_get_server_certificate(SSL *s) goto f_err; } for (nc = 0; nc < llen;) { + if (nc + 3 > llen) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_CERT_LENGTH_MISMATCH); + goto f_err; + } n2l3(p, l); if ((l + nc + 3) > llen) { al = SSL_AD_DECODE_ERROR; @@ -2072,6 +2078,11 @@ int ssl3_get_certificate_request(SSL *s) } for (nc = 0; nc < llen;) { + if (nc + 2 > llen) { + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG); + goto err; + } n2s(p, l); if ((l + nc + 2) > llen) { if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) |
