Limit the number of sequential empty records that we will process

before yielding, and fail if we exceed a maximum. loosely based on what boring and openssl are doing ok jsing@
author: beck <> 2017-01-26 07:20:57 +0000
committer: beck <> 2017-01-26 07:20:57 +0000
commit: 4da4912184d7585c1156f7bf674490329e917635 (patch)
tree: 7084b69c15aff2f1f2fea63626df9a5f51b4cb83 /src/lib/libssl/ssl_err.c
parent: 658d10735b253d1c476eedc1f621c0865c0baa52 (diff)
download: openbsd-4da4912184d7585c1156f7bf674490329e917635.tar.gz
openbsd-4da4912184d7585c1156f7bf674490329e917635.tar.bz2
openbsd-4da4912184d7585c1156f7bf674490329e917635.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 04742b60ca..efe3e9473f 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.29 2015/02/22 15:54:27 jsing Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.30 2017/01/26 07:20:57 beck Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -597,6 +597,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
        {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  , "wrong version number"},
        {ERR_REASON(SSL_R_X509_LIB)              , "x509 lib"},
        {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},
+        {ERR_REASON(SSL_R_PEER_BEHAVING_BADLY)   ,"peer is doing strange or hostile things"},
        {0, NULL}
 };
author	beck <>	2017-01-26 07:20:57 +0000
committer	beck <>	2017-01-26 07:20:57 +0000
commit	4da4912184d7585c1156f7bf674490329e917635 (patch)
tree	7084b69c15aff2f1f2fea63626df9a5f51b4cb83 /src/lib/libssl/ssl_err.c
parent	658d10735b253d1c476eedc1f621c0865c0baa52 (diff)
download	openbsd-4da4912184d7585c1156f7bf674490329e917635.tar.gz openbsd-4da4912184d7585c1156f7bf674490329e917635.tar.bz2 openbsd-4da4912184d7585c1156f7bf674490329e917635.zip