authorjason <>2002-07-30 15:47:56 +0000
committerjason <>2002-07-30 15:47:56 +0000
commitf85814b99411f07f87dbb2ec1977014aaa43a1c2 (patch)
tree6adf5bdd6187440b2d469c3252113631f2c2e877
parent61f51d1b1714d7f1eb3350fed1b78632ef17c937 (diff)
Pull in patch from current:
Fix (markus), errata 013: apply patches from OpenSSL Security Advisory [30 July 2002], http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
-rw-r--r--src/lib/libssl/src/CHANGES29
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1_lib.c10
-rw-r--r--src/lib/libssl/src/crypto/conf/conf_def.c3
-rw-r--r--src/lib/libssl/src/crypto/cryptlib.h4
-rw-r--r--src/lib/libssl/src/crypto/objects/obj_dat.c2
-rw-r--r--src/lib/libssl/src/ssl/s2_clnt.c8
-rw-r--r--src/lib/libssl/src/ssl/s2_lib.c6
-rw-r--r--src/lib/libssl/src/ssl/s2_srvr.c14
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c10
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c2
-rw-r--r--src/lib/libssl/src/ssl/ssl.h2
-rw-r--r--src/lib/libssl/src/ssl/ssl_asn1.c1
-rw-r--r--src/lib/libssl/src/ssl/ssl_err.c4
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c7
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c1
16 files changed, 99 insertions, 7 deletions
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index f88867b065..a9c0c810b8 100644
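--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,6 +2,35 @@
  OpenSSL CHANGES
  _______________
 
+ Changes in security patch
+
+Changes marked "(CHATS)" were sponsored by the Defense Advanced
+Research Projects Agency (DARPA) and Air Force Research Laboratory,
+Air Force Materiel Command, USAF, under agreement number
+F30602-01-2-0537.
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+ *) Assertions for various potential buffer overflows, not known to
+ happen in practice.
+ [Ben Laurie (CHATS)]
+
+ *) Various temporary buffers to hold ASCII versions of integers were
+ too small for 64 bit platforms. (CAN-2002-0655)
+ [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized session ID to a client. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL2 protocol - an attacker could
+ supply an oversized client master key. (CAN-2002-0656)
+ [Ben Laurie (CHATS)]
+
  Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
 
  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)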
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
index a8b651e54e..1fe3fbc1fa 100644
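--- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -124,15 +124,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
  (int)(omax+ *pp));
 
 #endif
-#if 0
- if ((p+ *plength) > (omax+ *pp))
+ if (*plength > (omax - (*pp - p)))
  {
  ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
  /* Set this so that even if things are not long enough
  * the values are set correctly */
  ret|=0x80;
  }
-#endif
  *pp=p;
  return(ret|inf);
 err:
@@ -159,6 +157,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
  i= *p&0x7f;
  if (*(p++) & 0x80)
  {
+ if (i > sizeof(long))
+ return 0;
  if (max-- == 0) return(0);
  while (i-- > 0)
  {
@@ -170,6 +170,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
  else
  ret=i;
  }
+ if (ret < 0)
+ return 0;
  *pp=p;
  *rl=ret;
  return(1);
@@ -407,7 +409,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
 
 void asn1_add_error(unsigned char *address, int offset)
  {
- char buf1[16],buf2[16];
+ char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 
  sprintf(buf1,"%lu",(unsigned long)address);
  sprintf(buf2,"%d",offset);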
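Review bot: In the first hunk (ASN1_get_object) the re-enabled bound `*plength > (omax - (*pp - p))` has the pointer difference the wrong way round compared with the check it replaces, since the removed `(p+ *plength) > (omax+ *pp)` rearranges to `*plength > omax - (p - *pp)`. Because `*pp=p` follows a few lines later, `p` appears to be the advanced cursor, so `*pp - p` is negative and the test accepts a content length that overruns the supplied buffer by up to twice the header size. It should read `if (*plength > (omax - (p - *pp)))`. The function starts and ends outside the hunk, so confirm how `p` and `omax` are set before relying on this.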
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c
index 773df32c68..d43c9de3f5 100644
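--- a/src/lib/libssl/src/crypto/conf/conf_def.c
+++ b/src/lib/libssl/src/crypto/conf/conf_def.c
@@ -67,6 +67,7 @@
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
+#include "cryptlib.h"
 
 static char *eat_ws(CONF *conf, char *p);
 static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -180,12 +181,12 @@ static int def_destroy_data(CONF *conf)
 static int def_load(CONF *conf, BIO *in, long *line)
  {
 #define BUFSIZE 512
- char btmp[16];
  int bufnum=0,i,ii;
  BUF_MEM *buff=NULL;
  char *s,*p,*end;
  int again,n;
  long eline=0;
+ char btmp[DECIMAL_SIZE(eline)+1];
  CONF_VALUE *v=NULL,*tv;
  CONF_VALUE *sv=NULL;
  char *section=NULL,*buf;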
diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h
index 5eff5d3141..075b79db05 100644
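--- a/src/lib/libssl/src/crypto/cryptlib.h
+++ b/src/lib/libssl/src/crypto/cryptlib.h
@@ -89,6 +89,10 @@ extern "C" {
 #define X509_CERT_DIR_EVP "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP "SSL_CERT_FILE"
 
+/* size of string represenations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) ((sizeof(type)*2)
+
 #ifdef __cplusplus
 }
 #endif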
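Review bot: `HEX_SIZE` in the added block has unbalanced parentheses, `((sizeof(type)*2)`, so the first translation unit that uses it will not compile cleanly; it should be `#define HEX_SIZE(type) (sizeof(type)*2)`. Nothing on this page uses the macro, which is presumably why it went unnoticed. The comment above it has a typo (`represenations`) and would be more useful if it said whether the sizes include a sign and the terminating NUL, since callers such as asn1_add_error add `+1` themselves.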
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c
index 4b1bb9583a..3659d5a17f 100644
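--- a/src/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.c
@@ -428,7 +428,7 @@ int OBJ_obj2txt(char *buf, int buf_len, ASN1_OBJECT *a, int no_name)
  unsigned long l;
  unsigned char *p;
  const char *s;
- char tbuf[32];
+ char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
 
  if (buf_len <= 0) return(0);
 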
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index 28d6d65296..e137d52db7 100644
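--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -63,6 +63,7 @@
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "ssl_locl.h"
 
 static SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
@@ -458,6 +459,7 @@ static int get_server_hello(SSL *s)
  }
 
  s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
  memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
  return(1);
  }
@@ -559,6 +561,7 @@ static int client_master_key(SSL *s)
  /* make key_arg data */
  i=EVP_CIPHER_iv_length(c);
  sess->key_arg_length=i;
+ die(i <= SSL_MAX_KEY_ARG_LENGTH);
  if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
  /* make a master key */
@@ -566,6 +569,7 @@ static int client_master_key(SSL *s)
  sess->master_key_length=i;
  if (i > 0)
  {
+ die(i <= sizeof sess->master_key);
  if (RAND_bytes(sess->master_key,i) <= 0)
  {
  ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -609,6 +613,7 @@ static int client_master_key(SSL *s)
  d+=enc;
  karg=sess->key_arg_length;
  s2n(karg,p); /* key arg size */
+ die(karg <= sizeof sess->key_arg);
  memcpy(d,sess->key_arg,(unsigned int)karg);
  d+=karg;
 
@@ -629,6 +634,7 @@ static int client_finished(SSL *s)
  {
  p=(unsigned char *)s->init_buf->data;
  *(p++)=SSL2_MT_CLIENT_FINISHED;
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
  memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
 
  s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -878,6 +884,8 @@ static int get_server_finished(SSL *s)
  {
  if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
  {
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
  if (memcmp(buf,s->session->session_id,
  (unsigned int)s->session->session_id_length) != 0)
  {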
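Review bot: The `die()` added in get_server_hello guards `s->s2->conn_id_length` just after it is copied from `s->s2->tmp.conn_id_length`, which looks like a length taken from the server's hello, so a misbehaving peer can turn the assertion into an abort() of the whole client process. A length that comes off the wire is better rejected as a protocol error before the assignment, along the lines of `if (s->s2->tmp.conn_id_length > sizeof s->s2->conn_id) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); return(-1); }`. The same applies to `die(i <= SSL_MAX_MASTER_KEY_LENGTH)` and the challenge-length check on the receive path in s2_srvr.c, and to `die(os.length <= sizeof ret->session_id)` in d2i_SSL_SESSION (ssl_asn1.c), which all appear to guard peer-supplied or deserialized lengths. The assertions on locally generated values (client_master_key, client_finished) are reasonable as they stand; all of these functions continue outside their hunks.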
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c
index a590dbfa5c..e3acdb189a 100644
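--- a/src/lib/libssl/src/ssl/s2_lib.c
+++ b/src/lib/libssl/src/ssl/s2_lib.c
@@ -62,6 +62,7 @@
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/md5.h>
+#include "ssl_locl.h"
 
 static long ssl2_default_timeout(void );
 const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -425,10 +426,14 @@ void ssl2_generate_key_material(SSL *s)
 #endif
 
  km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
  for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
  {
  MD5_Init(&ctx);
 
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
  MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
  MD5_Update(&ctx,&c,1);
  c++;
@@ -463,6 +468,7 @@ void ssl2_write_error(SSL *s)
 /* state=s->rwstate;*/
  error=s->error;
  s->error=0;
+ die(error >= 0 && error <= 3);
  i=ssl2_write(s,&(buf[3-error]),error);
 /* if (i == error) s->rwstate=state; */
 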
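Review bot: The assertion added inside the loop of ssl2_generate_key_material uses `<` where the other buffer-length assertions in this commit use `<=`, so `s->session->master_key_length < sizeof s->session->master_key` aborts on a master key that exactly fills the array, a length that `die(i <= sizeof sess->master_key)` in s2_clnt.c explicitly allows. Unless a full-length key really cannot reach this function, the last line should be `<= sizeof s->session->master_key);`. The condition is also loop-invariant and could sit next to the key_material_length assertion before the `for`.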
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
index 2fa2f310a8..31c48d64e5 100644
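--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -63,6 +63,7 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "ssl_locl.h"
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
@@ -361,12 +362,19 @@ static int get_client_master_key(SSL *s)
  n2s(p,i); s->s2->tmp.clear=i;
  n2s(p,i); s->s2->tmp.enc=i;
  n2s(p,i); s->session->key_arg_length=i;
+ if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+ {
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
  s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
  s->init_num=0;
  }
 
  /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
  p=(unsigned char *)s->init_buf->data;
+ die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
  keya=s->session->key_arg_length;
  n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
  i=ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -440,6 +448,7 @@ static int get_client_master_key(SSL *s)
 #endif
 
  if (is_export) i+=s->s2->tmp.clear;
+ die(i <= SSL_MAX_MASTER_KEY_LENGTH);
  s->session->master_key_length=i;
  memcpy(s->session->master_key,p,(unsigned int)i);
  return(1);
@@ -580,6 +589,7 @@ static int get_client_hello(SSL *s)
  p+=s->s2->tmp.session_id_length;
 
  /* challenge */
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
  memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
  return(1);
 mem_err:
@@ -730,6 +740,7 @@ static int get_client_finished(SSL *s)
  }
 
  /* SSL2_ST_GET_CLIENT_FINISHED_B */
+ die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
  i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
  if (i < (int)s->s2->conn_id_length-s->init_num)
  {
@@ -752,6 +763,7 @@ static int server_verify(SSL *s)
  {
  p=(unsigned char *)s->init_buf->data;
  *(p++)=SSL2_MT_SERVER_VERIFY;
+ die(s->s2->challenge_length <= sizeof s->s2->challenge);
  memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
  /* p+=s->s2->challenge_length; */
 
@@ -771,6 +783,8 @@ static int server_finish(SSL *s)
  p=(unsigned char *)s->init_buf->data;
  *(p++)=SSL2_MT_SERVER_FINISHED;
 
+ die(s->session->session_id_length
+ <= sizeof s->session->session_id);
  memcpy(p,s->session->session_id,
  (unsigned int)s->session->session_id_length);
  /* p+=s->session->session_id_length; */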
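Review bot: In get_client_master_key the new `die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)` asserts how large the buffer is, but nothing in the hunk compares the amount about to be read with that size. `n` is built from `s->s2->tmp.clear` and `s->s2->tmp.enc`, both parsed with `n2s` from the client's message a few lines above, and is passed straight to `ssl2_read` writing into `p`. Unless ssl2_read bounds the read elsewhere (not visible here), a check such as `if (s->s2->tmp.clear+s->s2->tmp.enc+keya > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) return -1;`, with an SSLerr as in the key_arg_length check, belongs before the read. The function continues outside the hunk.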
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index eec45cfa48..0c932696fe 100644
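--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -64,6 +64,7 @@
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "ssl_locl.h"
+#include "ssl_locl.h"
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -492,6 +493,7 @@ static int ssl3_client_hello(SSL *s)
  *(p++)=i;
  if (i != 0)
  {
+ die(i <= sizeof s->session->session_id);
  memcpy(p,s->session->session_id,i);
  p+=i;
  }
@@ -573,6 +575,14 @@ static int ssl3_get_server_hello(SSL *s)
  /* get the session-id */
  j= *(p++);
 
+ if(j > sizeof s->session->session_id)
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
+
  if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
  {
  /* SSLref returns 16 :-( */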
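Review bot: The first hunk adds `#include "ssl_locl.h"` directly below an identical include that was already present, so the file now pulls the header in twice; s3_srvr.c gets the same duplicate. This is harmless only as long as the header stays include-guarded (the `#endif` at its end suggests it is), and the added line can simply be dropped in both files.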
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 258af84867..20a6f5cd3f 100644
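--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -69,6 +69,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include "ssl_locl.h"
+#include "ssl_locl.h"
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -863,6 +864,7 @@ static int ssl3_send_server_hello(SSL *s)
  s->session->session_id_length=0;
 
  sl=s->session->session_id_length;
+ die(sl <= sizeof s->session->session_id);
  *(p++)=sl;
  memcpy(p,s->session->session_id,sl);
  p+=sl;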
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 9de9e611ab..a673c0d97d 100644
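--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1418,6 +1418,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_INVALID_COMMAND 280
 #define SSL_R_INVALID_PURPOSE 278
 #define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
 #define SSL_R_LENGTH_MISMATCH 159
 #define SSL_R_LENGTH_TOO_SHORT 160
 #define SSL_R_LIBRARY_BUG 274
@@ -1485,6 +1486,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SHORT_READ 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020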
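Review bot: The two new reason codes, `SSL_R_KEY_ARG_TOO_LONG 1112` and `SSL_R_SSL3_SESSION_ID_TOO_LONG 1113`, are numbered above 1000 while the ordinary reasons around them are small (159, 160, 219 to 222, 274 to 280). The only other 10xx values visible, `SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042` and `SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020`, look like alert numbers plus an offset. If that range is reserved for alert-derived reasons, these two could later collide with alerts 112 and 113, and taking the next free values from the low range would avoid that. A one-line comment next to the defines saying which range is used for what would make the choice checkable.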
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index fa6456e4f5..fd983a4dcf 100644
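--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -275,6 +275,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
  os.length=i;
 
  ret->session_id_length=os.length;
+ die(os.length <= sizeof ret->session_id);
  memcpy(ret->session_id,os.data,os.length);
 
  M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);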
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 1ae3333407..8c7c571a77 100644
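--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /* ssl/ssl_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -273,6 +273,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_INVALID_COMMAND ,"invalid command"},
 {SSL_R_INVALID_PURPOSE ,"invalid purpose"},
 {SSL_R_INVALID_TRUST ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
 {SSL_R_LENGTH_MISMATCH ,"length mismatch"},
 {SSL_R_LENGTH_TOO_SHORT ,"length too short"},
 {SSL_R_LIBRARY_BUG ,"library bug"},
@@ -340,6 +341,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_SHORT_READ ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
 {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
 {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},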
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 1fe85b6cb7..e6f468517d 100644
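--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -2072,3 +2072,10 @@ void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
 
 IMPLEMENT_STACK_OF(SSL_CIPHER)
 IMPLEMENT_STACK_OF(SSL_COMP)
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }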
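Review bot: OpenSSLDie is added without any comment, and callers need to know that it never returns and that it ends the whole process with abort(). A header such as `/* Report a failed die() assertion on stderr and abort(); never returns. */` would cover that. Two operational consequences are worth stating there as well: in a daemon stderr may be closed or redirected, so the message can be lost, and abort() normally leaves a core file that can contain key material from the process.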
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 516d3cc5ae..a3343edcf6 100644
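--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -605,5 +605,8 @@ int ssl_ok(SSL *s);
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
 
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
 
 #endif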
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 7064262def..f5ad2eea80 100644
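--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -199,6 +199,7 @@ int ssl_get_new_session(SSL *s, int session)
  ss->session_id_length=0;
  }
 
+ die(s->sid_ctx_length <= sizeof ss->sid_ctx);
  memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
  ss->sid_ctx_length=s->sid_ctx_length;
  s->session=ss;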