diff options
| author | miod <> | 2014-05-18 16:10:26 +0000 |
|---|---|---|
| committer | miod <> | 2014-05-18 16:10:26 +0000 |
| commit | 07cfa1a278f7bbdc024101f7601144c23cca9b80 (patch) | |
| tree | 9113f7f80d634409d635b24c7127533982285ab5 | |
| parent | bf2b14371457bc443895943008b5aa2b82e8d25b (diff) | |
| download | openbsd-07cfa1a278f7bbdc024101f7601144c23cca9b80.tar.gz openbsd-07cfa1a278f7bbdc024101f7601144c23cca9b80.tar.bz2 openbsd-07cfa1a278f7bbdc024101f7601144c23cca9b80.zip | |
In ssl3_send_certificate_request(), when adding the extra payload if
NETSCAPE_HANG_BUG is defined, make sure we BUF_MEM_grow() the buffer to
accomodate for the payload size.
Issue reported by David Ramos; ok beck@
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_srvr.c | 7 |
2 files changed, 12 insertions, 2 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 081aebf1f5..decf35d50f 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -1988,7 +1988,12 @@ ssl3_send_certificate_request(SSL *s) | |||
| 1988 | s->init_num = n + 4; | 1988 | s->init_num = n + 4; |
| 1989 | s->init_off = 0; | 1989 | s->init_off = 0; |
| 1990 | #ifdef NETSCAPE_HANG_BUG | 1990 | #ifdef NETSCAPE_HANG_BUG |
| 1991 | p = (unsigned char *)s->init_buf->data + s->init_num; | 1991 | if (!BUF_MEM_grow(buf, s->init_num + 4)) { |
| 1992 | SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, | ||
| 1993 | ERR_R_BUF_LIB); | ||
| 1994 | goto err; | ||
| 1995 | } | ||
| 1996 | p = (unsigned char *)buf->data + s->init_num; | ||
| 1992 | 1997 | ||
| 1993 | /* do the header */ | 1998 | /* do the header */ |
| 1994 | *(p++) = SSL3_MT_SERVER_DONE; | 1999 | *(p++) = SSL3_MT_SERVER_DONE; |
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 081aebf1f5..decf35d50f 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c | |||
| @@ -1988,7 +1988,12 @@ ssl3_send_certificate_request(SSL *s) | |||
| 1988 | s->init_num = n + 4; | 1988 | s->init_num = n + 4; |
| 1989 | s->init_off = 0; | 1989 | s->init_off = 0; |
| 1990 | #ifdef NETSCAPE_HANG_BUG | 1990 | #ifdef NETSCAPE_HANG_BUG |
| 1991 | p = (unsigned char *)s->init_buf->data + s->init_num; | 1991 | if (!BUF_MEM_grow(buf, s->init_num + 4)) { |
| 1992 | SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, | ||
| 1993 | ERR_R_BUF_LIB); | ||
| 1994 | goto err; | ||
| 1995 | } | ||
| 1996 | p = (unsigned char *)buf->data + s->init_num; | ||
| 1992 | 1997 | ||
| 1993 | /* do the header */ | 1998 | /* do the header */ |
| 1994 | *(p++) = SSL3_MT_SERVER_DONE; | 1999 | *(p++) = SSL3_MT_SERVER_DONE; |