summaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl/s2_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/ssl/s2_clnt.c')
-rw-r--r--crypto/openssl/ssl/s2_clnt.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
index 4ea0023..5f83570 100644
--- a/crypto/openssl/ssl/s2_clnt.c
+++ b/crypto/openssl/ssl/s2_clnt.c
@@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $FreeBSD$
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
@@ -109,6 +107,7 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
+ * $FreeBSD$
*/
#include "ssl_locl.h"
@@ -118,6 +117,7 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
+#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);
@@ -519,6 +519,7 @@ static int get_server_hello(SSL *s)
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -620,6 +621,7 @@ static int client_master_key(SSL *s)
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -627,6 +629,7 @@ static int client_master_key(SSL *s)
sess->master_key_length=i;
if (i > 0)
{
+ die(i <= sizeof sess->master_key);
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -670,6 +673,7 @@ static int client_master_key(SSL *s)
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -690,6 +694,7 @@ static int client_finished(SSL *s)
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -946,6 +951,8 @@ static int get_server_finished(SSL *s)
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
if (memcmp(buf,s->session->session_id,
(unsigned int)s->session->session_id_length) != 0)
{
OpenPOWER on IntegriCloud