diff options
author | markus <> | 2002-09-12 20:53:05 +0000 |
---|---|---|
committer | markus <> | 2002-09-12 20:53:05 +0000 |
commit | 31392c89d1135cf2a416f97295f6d21681b3fbc4 (patch) | |
tree | 09ce0b27981cae5a4625fa506a24d5c79fc8a13a /src/lib/libssl | |
parent | 715a204e4615e4a70a466fcb383a9a57cad5e6b8 (diff) | |
download | openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.tar.gz openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.tar.bz2 openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.zip |
import openssl-0.9.7-stable-SNAP-20020911 (without idea)
Diffstat (limited to 'src/lib/libssl')
-rw-r--r-- | src/lib/libssl/doc/openssl.txt | 2 | ||||
-rw-r--r-- | src/lib/libssl/s3_clnt.c | 12 | ||||
-rw-r--r-- | src/lib/libssl/s3_srvr.c | 8 | ||||
-rw-r--r-- | src/lib/libssl/ssl.h | 6 | ||||
-rw-r--r-- | src/lib/libssl/ssl_asn1.c | 5 | ||||
-rw-r--r-- | src/lib/libssl/ssl_err.c | 6 | ||||
-rw-r--r-- | src/lib/libssl/ssl_lib.c | 17 | ||||
-rw-r--r-- | src/lib/libssl/ssl_locl.h | 2 | ||||
-rw-r--r-- | src/lib/libssl/ssl_sess.c | 7 |
9 files changed, 53 insertions, 12 deletions
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt index 5da519e7e4..432a17b66c 100644 --- a/src/lib/libssl/doc/openssl.txt +++ b/src/lib/libssl/doc/openssl.txt | |||
@@ -344,7 +344,7 @@ the extension. | |||
344 | 344 | ||
345 | Examples: | 345 | Examples: |
346 | 346 | ||
347 | subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/ | 347 | subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ |
348 | subjectAltName=email:my@other.address,RID:1.2.3.4 | 348 | subjectAltName=email:my@other.address,RID:1.2.3.4 |
349 | 349 | ||
350 | Issuer Alternative Name. | 350 | Issuer Alternative Name. |
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 2699b5863b..2b58482484 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
@@ -546,7 +546,11 @@ static int ssl3_client_hello(SSL *s) | |||
546 | *(p++)=i; | 546 | *(p++)=i; |
547 | if (i != 0) | 547 | if (i != 0) |
548 | { | 548 | { |
549 | die(i <= sizeof s->session->session_id); | 549 | if (i > sizeof s->session->session_id) |
550 | { | ||
551 | SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
552 | goto err; | ||
553 | } | ||
550 | memcpy(p,s->session->session_id,i); | 554 | memcpy(p,s->session->session_id,i); |
551 | p+=i; | 555 | p+=i; |
552 | } | 556 | } |
@@ -1598,7 +1602,11 @@ static int ssl3_send_client_key_exchange(SSL *s) | |||
1598 | SSL_MAX_MASTER_KEY_LENGTH); | 1602 | SSL_MAX_MASTER_KEY_LENGTH); |
1599 | EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); | 1603 | EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); |
1600 | outl += padl; | 1604 | outl += padl; |
1601 | die(outl <= sizeof epms); | 1605 | if (outl > sizeof epms) |
1606 | { | ||
1607 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
1608 | goto err; | ||
1609 | } | ||
1602 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); | 1610 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); |
1603 | 1611 | ||
1604 | /* KerberosWrapper.EncryptedPreMasterSecret */ | 1612 | /* KerberosWrapper.EncryptedPreMasterSecret */ |
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 782b57f57a..20d716fb1b 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
@@ -965,7 +965,11 @@ static int ssl3_send_server_hello(SSL *s) | |||
965 | s->session->session_id_length=0; | 965 | s->session->session_id_length=0; |
966 | 966 | ||
967 | sl=s->session->session_id_length; | 967 | sl=s->session->session_id_length; |
968 | die(sl <= sizeof s->session->session_id); | 968 | if (sl > sizeof s->session->session_id) |
969 | { | ||
970 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); | ||
971 | return -1; | ||
972 | } | ||
969 | *(p++)=sl; | 973 | *(p++)=sl; |
970 | memcpy(p,s->session->session_id,sl); | 974 | memcpy(p,s->session->session_id,sl); |
971 | p+=sl; | 975 | p+=sl; |
@@ -1588,7 +1592,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
1588 | /* Note that the length is checked again below, | 1592 | /* Note that the length is checked again below, |
1589 | ** after decryption | 1593 | ** after decryption |
1590 | */ | 1594 | */ |
1591 | if(enc.pms_length > sizeof pms) | 1595 | if(enc_pms.length > sizeof pms) |
1592 | { | 1596 | { |
1593 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1597 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
1594 | SSL_R_DATA_LENGTH_TOO_LONG); | 1598 | SSL_R_DATA_LENGTH_TOO_LONG); |
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index d9949e8eb2..e9d1e896d7 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
@@ -1462,6 +1462,7 @@ void ERR_load_SSL_strings(void); | |||
1462 | 1462 | ||
1463 | /* Function codes. */ | 1463 | /* Function codes. */ |
1464 | #define SSL_F_CLIENT_CERTIFICATE 100 | 1464 | #define SSL_F_CLIENT_CERTIFICATE 100 |
1465 | #define SSL_F_CLIENT_FINISHED 238 | ||
1465 | #define SSL_F_CLIENT_HELLO 101 | 1466 | #define SSL_F_CLIENT_HELLO 101 |
1466 | #define SSL_F_CLIENT_MASTER_KEY 102 | 1467 | #define SSL_F_CLIENT_MASTER_KEY 102 |
1467 | #define SSL_F_D2I_SSL_SESSION 103 | 1468 | #define SSL_F_D2I_SSL_SESSION 103 |
@@ -1475,7 +1476,9 @@ void ERR_load_SSL_strings(void); | |||
1475 | #define SSL_F_I2D_SSL_SESSION 111 | 1476 | #define SSL_F_I2D_SSL_SESSION 111 |
1476 | #define SSL_F_READ_N 112 | 1477 | #define SSL_F_READ_N 112 |
1477 | #define SSL_F_REQUEST_CERTIFICATE 113 | 1478 | #define SSL_F_REQUEST_CERTIFICATE 113 |
1479 | #define SSL_F_SERVER_FINISH 239 | ||
1478 | #define SSL_F_SERVER_HELLO 114 | 1480 | #define SSL_F_SERVER_HELLO 114 |
1481 | #define SSL_F_SERVER_VERIFY 240 | ||
1479 | #define SSL_F_SSL23_ACCEPT 115 | 1482 | #define SSL_F_SSL23_ACCEPT 115 |
1480 | #define SSL_F_SSL23_CLIENT_HELLO 116 | 1483 | #define SSL_F_SSL23_CLIENT_HELLO 116 |
1481 | #define SSL_F_SSL23_CONNECT 117 | 1484 | #define SSL_F_SSL23_CONNECT 117 |
@@ -1487,6 +1490,7 @@ void ERR_load_SSL_strings(void); | |||
1487 | #define SSL_F_SSL2_ACCEPT 122 | 1490 | #define SSL_F_SSL2_ACCEPT 122 |
1488 | #define SSL_F_SSL2_CONNECT 123 | 1491 | #define SSL_F_SSL2_CONNECT 123 |
1489 | #define SSL_F_SSL2_ENC_INIT 124 | 1492 | #define SSL_F_SSL2_ENC_INIT 124 |
1493 | #define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 | ||
1490 | #define SSL_F_SSL2_PEEK 234 | 1494 | #define SSL_F_SSL2_PEEK 234 |
1491 | #define SSL_F_SSL2_READ 125 | 1495 | #define SSL_F_SSL2_READ 125 |
1492 | #define SSL_F_SSL2_READ_INTERNAL 236 | 1496 | #define SSL_F_SSL2_READ_INTERNAL 236 |
@@ -1523,6 +1527,7 @@ void ERR_load_SSL_strings(void); | |||
1523 | #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 | 1527 | #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 |
1524 | #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 | 1528 | #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 |
1525 | #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 | 1529 | #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 |
1530 | #define SSL_F_SSL3_SEND_SERVER_HELLO 242 | ||
1526 | #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 | 1531 | #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 |
1527 | #define SSL_F_SSL3_SETUP_BUFFERS 156 | 1532 | #define SSL_F_SSL3_SETUP_BUFFERS 156 |
1528 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 | 1533 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 |
@@ -1747,6 +1752,7 @@ void ERR_load_SSL_strings(void); | |||
1747 | #define SSL_R_SHORT_READ 219 | 1752 | #define SSL_R_SHORT_READ 219 |
1748 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 | 1753 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 |
1749 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 | 1754 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 |
1755 | #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114 | ||
1750 | #define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 | 1756 | #define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 |
1751 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 | 1757 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 |
1752 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 | 1758 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 |
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index 1638c6b525..3723fc2e37 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c | |||
@@ -294,10 +294,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, | |||
294 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; | 294 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; |
295 | 295 | ||
296 | if (os.length > i) | 296 | if (os.length > i) |
297 | os.length=i; | 297 | os.length = i; |
298 | if (os.length > sizeof ret->session_id) /* can't happen */ | ||
299 | os.length = sizeof ret->session_id; | ||
298 | 300 | ||
299 | ret->session_id_length=os.length; | 301 | ret->session_id_length=os.length; |
300 | die(os.length <= sizeof ret->session_id); | ||
301 | memcpy(ret->session_id,os.data,os.length); | 302 | memcpy(ret->session_id,os.data,os.length); |
302 | 303 | ||
303 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 304 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); |
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index 0cad32c855..7067a745f3 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c | |||
@@ -67,6 +67,7 @@ | |||
67 | static ERR_STRING_DATA SSL_str_functs[]= | 67 | static ERR_STRING_DATA SSL_str_functs[]= |
68 | { | 68 | { |
69 | {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, | 69 | {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, |
70 | {ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"}, | ||
70 | {ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"}, | 71 | {ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"}, |
71 | {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"}, | 72 | {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"}, |
72 | {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"}, | 73 | {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"}, |
@@ -80,7 +81,9 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
80 | {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"}, | 81 | {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"}, |
81 | {ERR_PACK(0,SSL_F_READ_N,0), "READ_N"}, | 82 | {ERR_PACK(0,SSL_F_READ_N,0), "READ_N"}, |
82 | {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"}, | 83 | {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"}, |
84 | {ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"}, | ||
83 | {ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"}, | 85 | {ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"}, |
86 | {ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"}, | ||
84 | {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"}, | 87 | {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"}, |
85 | {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"}, | 88 | {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"}, |
86 | {ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, | 89 | {ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, |
@@ -92,6 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
92 | {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, | 95 | {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, |
93 | {ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, | 96 | {ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, |
94 | {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, | 97 | {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, |
98 | {ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"}, | ||
95 | {ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, | 99 | {ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, |
96 | {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, | 100 | {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, |
97 | {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"}, | 101 | {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"}, |
@@ -128,6 +132,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
128 | {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, | 132 | {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, |
129 | {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"}, | 133 | {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"}, |
130 | {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"}, | 134 | {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"}, |
135 | {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"}, | ||
131 | {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, | 136 | {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, |
132 | {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"}, | 137 | {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"}, |
133 | {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, | 138 | {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, |
@@ -355,6 +360,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
355 | {SSL_R_SHORT_READ ,"short read"}, | 360 | {SSL_R_SHORT_READ ,"short read"}, |
356 | {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, | 361 | {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, |
357 | {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, | 362 | {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, |
363 | {SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"}, | ||
358 | {SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, | 364 | {SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, |
359 | {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, | 365 | {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, |
360 | {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, | 366 | {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index ab172aeaec..4bc4ce5b3a 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
@@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a) | |||
1405 | abort(); /* ok */ | 1405 | abort(); /* ok */ |
1406 | } | 1406 | } |
1407 | #endif | 1407 | #endif |
1408 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | ||
1409 | 1408 | ||
1409 | /* | ||
1410 | * Free internal session cache. However: the remove_cb() may reference | ||
1411 | * the ex_data of SSL_CTX, thus the ex_data store can only be removed | ||
1412 | * after the sessions were flushed. | ||
1413 | * As the ex_data handling routines might also touch the session cache, | ||
1414 | * the most secure solution seems to be: empty (flush) the cache, then | ||
1415 | * free ex_data, then finally free the cache. | ||
1416 | * (See ticket [openssl.org #212].) | ||
1417 | */ | ||
1410 | if (a->sessions != NULL) | 1418 | if (a->sessions != NULL) |
1411 | { | ||
1412 | SSL_CTX_flush_sessions(a,0); | 1419 | SSL_CTX_flush_sessions(a,0); |
1420 | |||
1421 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | ||
1422 | |||
1423 | if (a->sessions != NULL) | ||
1413 | lh_free(a->sessions); | 1424 | lh_free(a->sessions); |
1414 | } | 1425 | |
1415 | if (a->cert_store != NULL) | 1426 | if (a->cert_store != NULL) |
1416 | X509_STORE_free(a->cert_store); | 1427 | X509_STORE_free(a->cert_store); |
1417 | if (a->cipher_list != NULL) | 1428 | if (a->cipher_list != NULL) |
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index fe4ac839cf..dd6c7a7323 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
@@ -510,7 +510,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); | |||
510 | int ssl_verify_alarm_type(long type); | 510 | int ssl_verify_alarm_type(long type); |
511 | 511 | ||
512 | int ssl2_enc_init(SSL *s, int client); | 512 | int ssl2_enc_init(SSL *s, int client); |
513 | void ssl2_generate_key_material(SSL *s); | 513 | int ssl2_generate_key_material(SSL *s); |
514 | void ssl2_enc(SSL *s,int send_data); | 514 | void ssl2_enc(SSL *s,int send_data); |
515 | void ssl2_mac(SSL *s,unsigned char *mac,int send_data); | 515 | void ssl2_mac(SSL *s,unsigned char *mac,int send_data); |
516 | SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); | 516 | SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); |
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 8bfc382bb6..ca1a7427be 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
@@ -251,7 +251,12 @@ int ssl_get_new_session(SSL *s, int session) | |||
251 | ss->session_id_length=0; | 251 | ss->session_id_length=0; |
252 | } | 252 | } |
253 | 253 | ||
254 | die(s->sid_ctx_length <= sizeof ss->sid_ctx); | 254 | if (s->sid_ctx_length > sizeof ss->sid_ctx) |
255 | { | ||
256 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | ||
257 | SSL_SESSION_free(ss); | ||
258 | return 0; | ||
259 | } | ||
255 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | 260 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); |
256 | ss->sid_ctx_length=s->sid_ctx_length; | 261 | ss->sid_ctx_length=s->sid_ctx_length; |
257 | s->session=ss; | 262 | s->session=ss; |