summaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl/s2_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/ssl/s2_clnt.c')
-rw-r--r--crypto/openssl/ssl/s2_clnt.c41
1 files changed, 32 insertions, 9 deletions
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
index 2a6837d..236b394 100644
--- a/crypto/openssl/ssl/s2_clnt.c
+++ b/crypto/openssl/ssl/s2_clnt.c
@@ -518,7 +518,12 @@ static int get_server_hello(SSL *s)
}
s->s2->conn_id_length=s->s2->tmp.conn_id_length;
- die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+ {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
+ return -1;
+ }
memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
return(1);
}
@@ -620,7 +625,12 @@ static int client_master_key(SSL *s)
/* make key_arg data */
i=EVP_CIPHER_iv_length(c);
sess->key_arg_length=i;
- die(i <= SSL_MAX_KEY_ARG_LENGTH);
+ if (i > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
/* make a master key */
@@ -628,7 +638,12 @@ static int client_master_key(SSL *s)
sess->master_key_length=i;
if (i > 0)
{
- die(i <= sizeof sess->master_key);
+ if (i > sizeof sess->master_key)
+ {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
if (RAND_bytes(sess->master_key,i) <= 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -672,7 +687,12 @@ static int client_master_key(SSL *s)
d+=enc;
karg=sess->key_arg_length;
s2n(karg,p); /* key arg size */
- die(karg <= sizeof sess->key_arg);
+ if (karg > sizeof sess->key_arg)
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
memcpy(d,sess->key_arg,(unsigned int)karg);
d+=karg;
@@ -693,7 +713,11 @@ static int client_finished(SSL *s)
{
p=(unsigned char *)s->init_buf->data;
*(p++)=SSL2_MT_CLIENT_FINISHED;
- die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+ {
+ SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
+ return -1;
+ }
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -950,10 +974,9 @@ static int get_server_finished(SSL *s)
{
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
- die(s->session->session_id_length
- <= sizeof s->session->session_id);
- if (memcmp(buf,s->session->session_id,
- (unsigned int)s->session->session_id_length) != 0)
+ if ((s->session->session_id_length > sizeof s->session->session_id)
+ || (0 != memcmp(buf, s->session->session_id,
+ (unsigned int)s->session->session_id_length)))
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
OpenPOWER on IntegriCloud