Correct bounds checks used when generating the EC curves extension.

ok beck@
author: jsing <> 2017-01-24 08:41:53 +0000
committer: jsing <> 2017-01-24 08:41:53 +0000
commit: 461ec96400c0a98b56a42533ecf86de58bc3c16f (patch)
tree: 24cc306e1f3f5d282bb995de9011ba8cbb99cd26
parent: 89f22c9b2f6839e8e66e874c7258e0ac76fcf070 (diff)
download: openbsd-461ec96400c0a98b56a42533ecf86de58bc3c16f.tar.gz
openbsd-461ec96400c0a98b56a42533ecf86de58bc3c16f.tar.bz2
openbsd-461ec96400c0a98b56a42533ecf86de58bc3c16f.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 5ca0a1f4a0..b69e52a85c 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.107 2017/01/24 03:41:43 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.108 2017/01/24 08:41:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -752,9 +752,9 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
                        return NULL;
                lenmax = limit - ret - 6;
-                if (curveslen > lenmax)
+                if (curveslen * 2 > lenmax)
                        return NULL;
-                if (curveslen > 65532) {
+                if (curveslen * 2 > 65532) {
                        SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
                            ERR_R_INTERNAL_ERROR);
                        return NULL;
author	jsing <>	2017-01-24 08:41:53 +0000
committer	jsing <>	2017-01-24 08:41:53 +0000
commit	461ec96400c0a98b56a42533ecf86de58bc3c16f (patch)
tree	24cc306e1f3f5d282bb995de9011ba8cbb99cd26
parent	89f22c9b2f6839e8e66e874c7258e0ac76fcf070 (diff)
download	openbsd-461ec96400c0a98b56a42533ecf86de58bc3c16f.tar.gz openbsd-461ec96400c0a98b56a42533ecf86de58bc3c16f.tar.bz2 openbsd-461ec96400c0a98b56a42533ecf86de58bc3c16f.zip

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 5ca0a1f4a0..b69e52a85c 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_lib.c,v 1.107 2017/01/24 03:41:43 jsing Exp $ */	1	/* $OpenBSD: t1_lib.c,v 1.108 2017/01/24 08:41:53 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -752,9 +752,9 @@ ssl_add_clienthello_tlsext(SSL s, unsigned char p, unsigned char *limit)
752	return NULL;	752	return NULL;
753		753
754	lenmax = limit - ret - 6;	754	lenmax = limit - ret - 6;
755	if (curveslen > lenmax)	755	if (curveslen * 2 > lenmax)
756	return NULL;	756	return NULL;
757	if (curveslen > 65532) {	757	if (curveslen * 2 > 65532) {
758	SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,	758	SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
759	ERR_R_INTERNAL_ERROR);	759	ERR_R_INTERNAL_ERROR);
760	return NULL;	760	return NULL;