diff options
Diffstat (limited to 'crypto/openssl/ssl/s2_clnt.c')
-rw-r--r-- | crypto/openssl/ssl/s2_clnt.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c index 4ea0023..5f83570 100644 --- a/crypto/openssl/ssl/s2_clnt.c +++ b/crypto/openssl/ssl/s2_clnt.c @@ -54,8 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. @@ -109,6 +107,7 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * + * $FreeBSD$ */ #include "ssl_locl.h" @@ -118,6 +117,7 @@ #include <openssl/buffer.h> #include <openssl/objects.h> #include <openssl/evp.h> +#include "cryptlib.h" static SSL_METHOD *ssl2_get_client_method(int ver); static int get_server_finished(SSL *s); @@ -519,6 +519,7 @@ static int get_server_hello(SSL *s) } s->s2->conn_id_length=s->s2->tmp.conn_id_length; + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); return(1); } @@ -620,6 +621,7 @@ static int client_master_key(SSL *s) /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; + die(i <= SSL_MAX_KEY_ARG_LENGTH); if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ @@ -627,6 +629,7 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { + die(i <= sizeof sess->master_key); if (RAND_bytes(sess->master_key,i) <= 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -670,6 +673,7 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ + die(karg <= sizeof sess->key_arg); memcpy(d,sess->key_arg,(unsigned int)karg); d+=karg; @@ -690,6 +694,7 @@ static int client_finished(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_CLIENT_FINISHED; + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; @@ -946,6 +951,8 @@ static int get_server_finished(SSL *s) { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { + die(s->session->session_id_length + <= sizeof s->session->session_id); if (memcmp(buf,s->session->session_id, (unsigned int)s->session->session_id_length) != 0) { |