diff options
| author | doug <> | 2015-04-29 01:23:20 +0000 |
|---|---|---|
| committer | doug <> | 2015-04-29 01:23:20 +0000 |
| commit | dbbc82b4feef691a1a1b227a229e25dadd40e50a (patch) | |
| tree | 3d4d65a63eeac83275e574149c7cc70bd0579c38 /src | |
| parent | aa2d9cda16e2ed9c9e86c67f6d2710e219278e66 (diff) | |
| download | openbsd-dbbc82b4feef691a1a1b227a229e25dadd40e50a.tar.gz openbsd-dbbc82b4feef691a1a1b227a229e25dadd40e50a.tar.bz2 openbsd-dbbc82b4feef691a1a1b227a229e25dadd40e50a.zip | |
Added error checking for len argument in cbs_get_u().
tweak + ok jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/bs_cbs.c | 5 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/bs_cbs.c | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/src/lib/libssl/bs_cbs.c b/src/lib/libssl/bs_cbs.c index 25305b9edd..fc2eafff0e 100644 --- a/src/lib/libssl/bs_cbs.c +++ b/src/lib/libssl/bs_cbs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bs_cbs.c,v 1.4 2015/04/29 01:16:06 doug Exp $ */ | 1 | /* $OpenBSD: bs_cbs.c,v 1.5 2015/04/29 01:23:20 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014, Google Inc. | 3 | * Copyright (c) 2014, Google Inc. |
| 4 | * | 4 | * |
| @@ -110,6 +110,9 @@ cbs_get_u(CBS *cbs, uint32_t *out, size_t len) | |||
| 110 | size_t i; | 110 | size_t i; |
| 111 | const uint8_t *data; | 111 | const uint8_t *data; |
| 112 | 112 | ||
| 113 | if (len < 1 || len > 4) | ||
| 114 | return 0; | ||
| 115 | |||
| 113 | if (!cbs_get(cbs, &data, len)) | 116 | if (!cbs_get(cbs, &data, len)) |
| 114 | return 0; | 117 | return 0; |
| 115 | 118 | ||
diff --git a/src/lib/libssl/src/ssl/bs_cbs.c b/src/lib/libssl/src/ssl/bs_cbs.c index 25305b9edd..fc2eafff0e 100644 --- a/src/lib/libssl/src/ssl/bs_cbs.c +++ b/src/lib/libssl/src/ssl/bs_cbs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bs_cbs.c,v 1.4 2015/04/29 01:16:06 doug Exp $ */ | 1 | /* $OpenBSD: bs_cbs.c,v 1.5 2015/04/29 01:23:20 doug Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014, Google Inc. | 3 | * Copyright (c) 2014, Google Inc. |
| 4 | * | 4 | * |
| @@ -110,6 +110,9 @@ cbs_get_u(CBS *cbs, uint32_t *out, size_t len) | |||
| 110 | size_t i; | 110 | size_t i; |
| 111 | const uint8_t *data; | 111 | const uint8_t *data; |
| 112 | 112 | ||
| 113 | if (len < 1 || len > 4) | ||
| 114 | return 0; | ||
| 115 | |||
| 113 | if (!cbs_get(cbs, &data, len)) | 116 | if (!cbs_get(cbs, &data, len)) |
| 114 | return 0; | 117 | return 0; |
| 115 | 118 | ||