diff options
| author | markus <> | 2002-07-30 16:00:16 +0000 |
|---|---|---|
| committer | markus <> | 2002-07-30 16:00:16 +0000 |
| commit | b16c13ed2fd774b1e93a0165b809fda9376b3fc4 (patch) | |
| tree | 5cd7e8e3dd15c5a8b25bce74c5b82182b5081b19 /src/lib/libssl/s3_srvr.c | |
| parent | c54a116b266c232d9e0ffad482eb5f8b98130ac4 (diff) | |
| download | openbsd-b16c13ed2fd774b1e93a0165b809fda9376b3fc4.tar.gz openbsd-b16c13ed2fd774b1e93a0165b809fda9376b3fc4.tar.bz2 openbsd-b16c13ed2fd774b1e93a0165b809fda9376b3fc4.zip | |
sync with http://www.openssl.org/news/patch_20020730_0_9_7.txt
(adds fix for unused kerberos and engine code, and some more
assertions, as well as a 64bit integer string fix for conf_mod.c)
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 3748cd7c24..f03c290a3e 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -114,14 +114,14 @@ | |||
| 114 | 114 | ||
| 115 | 115 | ||
| 116 | #include <stdio.h> | 116 | #include <stdio.h> |
| 117 | #include "ssl_locl.h" | ||
| 118 | #include "kssl_lcl.h" | ||
| 117 | #include <openssl/buffer.h> | 119 | #include <openssl/buffer.h> |
| 118 | #include <openssl/rand.h> | 120 | #include <openssl/rand.h> |
| 119 | #include <openssl/objects.h> | 121 | #include <openssl/objects.h> |
| 120 | #include <openssl/evp.h> | 122 | #include <openssl/evp.h> |
| 121 | #include <openssl/x509.h> | 123 | #include <openssl/x509.h> |
| 122 | #include <openssl/krb5_asn.h> | 124 | #include <openssl/krb5_asn.h> |
| 123 | #include "ssl_locl.h" | ||
| 124 | #include "kssl_lcl.h" | ||
| 125 | #include <openssl/md5.h> | 125 | #include <openssl/md5.h> |
| 126 | 126 | ||
| 127 | static SSL_METHOD *ssl3_get_server_method(int ver); | 127 | static SSL_METHOD *ssl3_get_server_method(int ver); |
| @@ -1560,8 +1560,8 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1560 | EVP_CIPHER *enc = NULL; | 1560 | EVP_CIPHER *enc = NULL; |
| 1561 | unsigned char iv[EVP_MAX_IV_LENGTH]; | 1561 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
| 1562 | unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH | 1562 | unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH |
| 1563 | + EVP_MAX_IV_LENGTH + 1]; | 1563 | + EVP_MAX_BLOCK_LENGTH]; |
| 1564 | int padl, outl = sizeof(pms); | 1564 | int padl, outl; |
| 1565 | krb5_timestamp authtime = 0; | 1565 | krb5_timestamp authtime = 0; |
| 1566 | krb5_ticket_times ttimes; | 1566 | krb5_ticket_times ttimes; |
| 1567 | 1567 | ||
| @@ -1584,6 +1584,16 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1584 | enc_pms.data = (char *)p; | 1584 | enc_pms.data = (char *)p; |
| 1585 | p+=enc_pms.length; | 1585 | p+=enc_pms.length; |
| 1586 | 1586 | ||
| 1587 | /* Note that the length is checked again below, | ||
| 1588 | ** after decryption | ||
| 1589 | */ | ||
| 1590 | if(enc_pms.length > sizeof pms) | ||
| 1591 | { | ||
| 1592 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1593 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1594 | goto err; | ||
| 1595 | } | ||
| 1596 | |||
| 1587 | if (n != enc_ticket.length + authenticator.length + | 1597 | if (n != enc_ticket.length + authenticator.length + |
| 1588 | enc_pms.length + 6) | 1598 | enc_pms.length + 6) |
| 1589 | { | 1599 | { |