summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/asn1/asn1_lib.c10
-rw-r--r--src/lib/libcrypto/conf/conf_def.c3
-rw-r--r--src/lib/libcrypto/cryptlib.h3
-rw-r--r--src/lib/libcrypto/objects/obj_dat.c2
-rw-r--r--src/lib/libssl/s3_clnt.c9
-rw-r--r--src/lib/libssl/s3_srvr.c1
-rw-r--r--src/lib/libssl/src/CHANGES29
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1_lib.c10
-rw-r--r--src/lib/libssl/src/crypto/conf/conf_def.c3
-rw-r--r--src/lib/libssl/src/crypto/cryptlib.h3
-rw-r--r--src/lib/libssl/src/crypto/objects/obj_dat.c2
-rw-r--r--src/lib/libssl/src/ssl/s2_clnt.c8
-rw-r--r--src/lib/libssl/src/ssl/s2_lib.c6
-rw-r--r--src/lib/libssl/src/ssl/s2_srvr.c14
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c9
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c1
-rw-r--r--src/lib/libssl/src/ssl/ssl.h2
-rw-r--r--src/lib/libssl/src/ssl/ssl_asn1.c1
-rw-r--r--src/lib/libssl/src/ssl/ssl_err.c4
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c7
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c1
-rw-r--r--src/lib/libssl/ssl.h2
-rw-r--r--src/lib/libssl/ssl/Makefile1
-rw-r--r--src/lib/libssl/ssl_asn1.c1
-rw-r--r--src/lib/libssl/ssl_err.c4
-rw-r--r--src/lib/libssl/ssl_lib.c7
-rw-r--r--src/lib/libssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/ssl_sess.c1
29 files changed, 136 insertions, 14 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index 830ff2af3c..fd8e77044e 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -123,15 +123,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
123 (int)(omax+ *pp)); 123 (int)(omax+ *pp));
124 124
125#endif 125#endif
126#if 0 126 if (*plength > (omax - (*pp - p)))
127 if ((p+ *plength) > (omax+ *pp))
128 { 127 {
129 ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); 128 ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
130 /* Set this so that even if things are not long enough 129 /* Set this so that even if things are not long enough
131 * the values are set correctly */ 130 * the values are set correctly */
132 ret|=0x80; 131 ret|=0x80;
133 } 132 }
134#endif
135 *pp=p; 133 *pp=p;
136 return(ret|inf); 134 return(ret|inf);
137err: 135err:
@@ -158,6 +156,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
158 i= *p&0x7f; 156 i= *p&0x7f;
159 if (*(p++) & 0x80) 157 if (*(p++) & 0x80)
160 { 158 {
159 if (i > sizeof(long))
160 return 0;
161 if (max-- == 0) return(0); 161 if (max-- == 0) return(0);
162 while (i-- > 0) 162 while (i-- > 0)
163 { 163 {
@@ -169,6 +169,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
169 else 169 else
170 ret=i; 170 ret=i;
171 } 171 }
172 if (ret < 0)
173 return 0;
172 *pp=p; 174 *pp=p;
173 *rl=ret; 175 *rl=ret;
174 return(1); 176 return(1);
@@ -406,7 +408,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
406 408
407void asn1_add_error(unsigned char *address, int offset) 409void asn1_add_error(unsigned char *address, int offset)
408 { 410 {
409 char buf1[16],buf2[16]; 411 char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
410 412
411 sprintf(buf1,"%lu",(unsigned long)address); 413 sprintf(buf1,"%lu",(unsigned long)address);
412 sprintf(buf2,"%d",offset); 414 sprintf(buf2,"%d",offset);
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
index 31f2766246..5e194de60e 100644
--- a/src/lib/libcrypto/conf/conf_def.c
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -67,6 +67,7 @@
67#include "conf_def.h" 67#include "conf_def.h"
68#include <openssl/buffer.h> 68#include <openssl/buffer.h>
69#include <openssl/err.h> 69#include <openssl/err.h>
70#include "cryptlib.h"
70 71
71static char *eat_ws(CONF *conf, char *p); 72static char *eat_ws(CONF *conf, char *p);
72static char *eat_alpha_numeric(CONF *conf, char *p); 73static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -208,12 +209,12 @@ static int def_load(CONF *conf, const char *name, long *line)
208static int def_load_bio(CONF *conf, BIO *in, long *line) 209static int def_load_bio(CONF *conf, BIO *in, long *line)
209 { 210 {
210#define BUFSIZE 512 211#define BUFSIZE 512
211 char btmp[16];
212 int bufnum=0,i,ii; 212 int bufnum=0,i,ii;
213 BUF_MEM *buff=NULL; 213 BUF_MEM *buff=NULL;
214 char *s,*p,*end; 214 char *s,*p,*end;
215 int again,n; 215 int again,n;
216 long eline=0; 216 long eline=0;
217 char btmp[DECIMAL_SIZE(eline)+1];
217 CONF_VALUE *v=NULL,*tv; 218 CONF_VALUE *v=NULL,*tv;
218 CONF_VALUE *sv=NULL; 219 CONF_VALUE *sv=NULL;
219 char *section=NULL,*buf; 220 char *section=NULL,*buf;
diff --git a/src/lib/libcrypto/cryptlib.h b/src/lib/libcrypto/cryptlib.h
index a0489e57fc..37ce7721fb 100644
--- a/src/lib/libcrypto/cryptlib.h
+++ b/src/lib/libcrypto/cryptlib.h
@@ -89,6 +89,9 @@ extern "C" {
89#define X509_CERT_DIR_EVP "SSL_CERT_DIR" 89#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
90#define X509_CERT_FILE_EVP "SSL_CERT_FILE" 90#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
91 91
92/* size of string represenations */
93#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
94
92#ifdef __cplusplus 95#ifdef __cplusplus
93} 96}
94#endif 97#endif
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index 3ff64bb8d1..02c3719f04 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -436,7 +436,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
436 unsigned long l; 436 unsigned long l;
437 unsigned char *p; 437 unsigned char *p;
438 const char *s; 438 const char *s;
439 char tbuf[32]; 439 char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
440 440
441 if (buf_len <= 0) return(0); 441 if (buf_len <= 0) return(0);
442 442
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index e5853ede95..b6be748932 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -545,6 +545,7 @@ static int ssl3_client_hello(SSL *s)
545 *(p++)=i; 545 *(p++)=i;
546 if (i != 0) 546 if (i != 0)
547 { 547 {
548 die(i <= sizeof s->session->session_id);
548 memcpy(p,s->session->session_id,i); 549 memcpy(p,s->session->session_id,i);
549 p+=i; 550 p+=i;
550 } 551 }
@@ -626,6 +627,14 @@ static int ssl3_get_server_hello(SSL *s)
626 /* get the session-id */ 627 /* get the session-id */
627 j= *(p++); 628 j= *(p++);
628 629
630 if(j > sizeof s->session->session_id)
631 {
632 al=SSL_AD_ILLEGAL_PARAMETER;
633 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
634 SSL_R_SSL3_SESSION_ID_TOO_LONG);
635 goto f_err;
636 }
637
629 if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) 638 if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
630 { 639 {
631 /* SSLref returns 16 :-( */ 640 /* SSLref returns 16 :-( */
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 99b6a86983..3748cd7c24 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -964,6 +964,7 @@ static int ssl3_send_server_hello(SSL *s)
964 s->session->session_id_length=0; 964 s->session->session_id_length=0;
965 965
966 sl=s->session->session_id_length; 966 sl=s->session->session_id_length;
967 die(sl <= sizeof s->session->session_id);
967 *(p++)=sl; 968 *(p++)=sl;
968 memcpy(p,s->session->session_id,sl); 969 memcpy(p,s->session->session_id,sl);
969 p+=sl; 970 p+=sl;
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index d63996c70d..64c33c7048 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -1622,6 +1622,35 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
1622 *) Fix EVP_dsa_sha macro. 1622 *) Fix EVP_dsa_sha macro.
1623 [Nils Larsch] 1623 [Nils Larsch]
1624 1624
1625 Changes in security patch
1626
1627Changes marked "(CHATS)" were sponsored by the Defense Advanced
1628Research Projects Agency (DARPA) and Air Force Research Laboratory,
1629Air Force Materiel Command, USAF, under agreement number
1630F30602-01-2-0537.
1631
1632 *) Add various sanity checks to asn1_get_length() to reject
1633 the ASN1 length bytes if they exceed sizeof(long), will appear
1634 negative or the content length exceeds the length of the
1635 supplied buffer.
1636 [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
1637
1638 *) Assertions for various potential buffer overflows, not known to
1639 happen in practice.
1640 [Ben Laurie (CHATS)]
1641
1642 *) Various temporary buffers to hold ASCII versions of integers were
1643 too small for 64 bit platforms. (CAN-2002-0655)
1644 [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
1645
1646 *) Remote buffer overflow in SSL3 protocol - an attacker could
1647 supply an oversized session ID to a client. (CAN-2002-0656)
1648 [Ben Laurie (CHATS)]
1649
1650 *) Remote buffer overflow in SSL2 protocol - an attacker could
1651 supply an oversized client master key. (CAN-2002-0656)
1652 [Ben Laurie (CHATS)]
1653
1625 Changes between 0.9.6c and 0.9.6d [9 May 2002] 1654 Changes between 0.9.6c and 0.9.6d [9 May 2002]
1626 1655
1627 *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not 1656 *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
index 830ff2af3c..fd8e77044e 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c
@@ -123,15 +123,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
123 (int)(omax+ *pp)); 123 (int)(omax+ *pp));
124 124
125#endif 125#endif
126#if 0 126 if (*plength > (omax - (*pp - p)))
127 if ((p+ *plength) > (omax+ *pp))
128 { 127 {
129 ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); 128 ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
130 /* Set this so that even if things are not long enough 129 /* Set this so that even if things are not long enough
131 * the values are set correctly */ 130 * the values are set correctly */
132 ret|=0x80; 131 ret|=0x80;
133 } 132 }
134#endif
135 *pp=p; 133 *pp=p;
136 return(ret|inf); 134 return(ret|inf);
137err: 135err:
@@ -158,6 +156,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
158 i= *p&0x7f; 156 i= *p&0x7f;
159 if (*(p++) & 0x80) 157 if (*(p++) & 0x80)
160 { 158 {
159 if (i > sizeof(long))
160 return 0;
161 if (max-- == 0) return(0); 161 if (max-- == 0) return(0);
162 while (i-- > 0) 162 while (i-- > 0)
163 { 163 {
@@ -169,6 +169,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
169 else 169 else
170 ret=i; 170 ret=i;
171 } 171 }
172 if (ret < 0)
173 return 0;
172 *pp=p; 174 *pp=p;
173 *rl=ret; 175 *rl=ret;
174 return(1); 176 return(1);
@@ -406,7 +408,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
406 408
407void asn1_add_error(unsigned char *address, int offset) 409void asn1_add_error(unsigned char *address, int offset)
408 { 410 {
409 char buf1[16],buf2[16]; 411 char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
410 412
411 sprintf(buf1,"%lu",(unsigned long)address); 413 sprintf(buf1,"%lu",(unsigned long)address);
412 sprintf(buf2,"%d",offset); 414 sprintf(buf2,"%d",offset);
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c
index 31f2766246..5e194de60e 100644
--- a/src/lib/libssl/src/crypto/conf/conf_def.c
+++ b/src/lib/libssl/src/crypto/conf/conf_def.c
@@ -67,6 +67,7 @@
67#include "conf_def.h" 67#include "conf_def.h"
68#include <openssl/buffer.h> 68#include <openssl/buffer.h>
69#include <openssl/err.h> 69#include <openssl/err.h>
70#include "cryptlib.h"
70 71
71static char *eat_ws(CONF *conf, char *p); 72static char *eat_ws(CONF *conf, char *p);
72static char *eat_alpha_numeric(CONF *conf, char *p); 73static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -208,12 +209,12 @@ static int def_load(CONF *conf, const char *name, long *line)
208static int def_load_bio(CONF *conf, BIO *in, long *line) 209static int def_load_bio(CONF *conf, BIO *in, long *line)
209 { 210 {
210#define BUFSIZE 512 211#define BUFSIZE 512
211 char btmp[16];
212 int bufnum=0,i,ii; 212 int bufnum=0,i,ii;
213 BUF_MEM *buff=NULL; 213 BUF_MEM *buff=NULL;
214 char *s,*p,*end; 214 char *s,*p,*end;
215 int again,n; 215 int again,n;
216 long eline=0; 216 long eline=0;
217 char btmp[DECIMAL_SIZE(eline)+1];
217 CONF_VALUE *v=NULL,*tv; 218 CONF_VALUE *v=NULL,*tv;
218 CONF_VALUE *sv=NULL; 219 CONF_VALUE *sv=NULL;
219 char *section=NULL,*buf; 220 char *section=NULL,*buf;
diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h
index a0489e57fc..37ce7721fb 100644
--- a/src/lib/libssl/src/crypto/cryptlib.h
+++ b/src/lib/libssl/src/crypto/cryptlib.h
@@ -89,6 +89,9 @@ extern "C" {
89#define X509_CERT_DIR_EVP "SSL_CERT_DIR" 89#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
90#define X509_CERT_FILE_EVP "SSL_CERT_FILE" 90#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
91 91
92/* size of string represenations */
93#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
94
92#ifdef __cplusplus 95#ifdef __cplusplus
93} 96}
94#endif 97#endif
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c
index 3ff64bb8d1..02c3719f04 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.c
@@ -436,7 +436,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
436 unsigned long l; 436 unsigned long l;
437 unsigned char *p; 437 unsigned char *p;
438 const char *s; 438 const char *s;
439 char tbuf[32]; 439 char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
440 440
441 if (buf_len <= 0) return(0); 441 if (buf_len <= 0) return(0);
442 442
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index 4cb1184161..42ad313183 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -116,6 +116,7 @@
116#include <openssl/buffer.h> 116#include <openssl/buffer.h>
117#include <openssl/objects.h> 117#include <openssl/objects.h>
118#include <openssl/evp.h> 118#include <openssl/evp.h>
119#include "ssl_locl.h"
119 120
120static SSL_METHOD *ssl2_get_client_method(int ver); 121static SSL_METHOD *ssl2_get_client_method(int ver);
121static int get_server_finished(SSL *s); 122static int get_server_finished(SSL *s);
@@ -535,6 +536,7 @@ static int get_server_hello(SSL *s)
535 } 536 }
536 537
537 s->s2->conn_id_length=s->s2->tmp.conn_id_length; 538 s->s2->conn_id_length=s->s2->tmp.conn_id_length;
539 die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
538 memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); 540 memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
539 return(1); 541 return(1);
540 } 542 }
@@ -636,6 +638,7 @@ static int client_master_key(SSL *s)
636 /* make key_arg data */ 638 /* make key_arg data */
637 i=EVP_CIPHER_iv_length(c); 639 i=EVP_CIPHER_iv_length(c);
638 sess->key_arg_length=i; 640 sess->key_arg_length=i;
641 die(i <= SSL_MAX_KEY_ARG_LENGTH);
639 if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); 642 if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
640 643
641 /* make a master key */ 644 /* make a master key */
@@ -643,6 +646,7 @@ static int client_master_key(SSL *s)
643 sess->master_key_length=i; 646 sess->master_key_length=i;
644 if (i > 0) 647 if (i > 0)
645 { 648 {
649 die(i <= sizeof sess->master_key);
646 if (RAND_bytes(sess->master_key,i) <= 0) 650 if (RAND_bytes(sess->master_key,i) <= 0)
647 { 651 {
648 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); 652 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
@@ -686,6 +690,7 @@ static int client_master_key(SSL *s)
686 d+=enc; 690 d+=enc;
687 karg=sess->key_arg_length; 691 karg=sess->key_arg_length;
688 s2n(karg,p); /* key arg size */ 692 s2n(karg,p); /* key arg size */
693 die(karg <= sizeof sess->key_arg);
689 memcpy(d,sess->key_arg,(unsigned int)karg); 694 memcpy(d,sess->key_arg,(unsigned int)karg);
690 d+=karg; 695 d+=karg;
691 696
@@ -706,6 +711,7 @@ static int client_finished(SSL *s)
706 { 711 {
707 p=(unsigned char *)s->init_buf->data; 712 p=(unsigned char *)s->init_buf->data;
708 *(p++)=SSL2_MT_CLIENT_FINISHED; 713 *(p++)=SSL2_MT_CLIENT_FINISHED;
714 die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
709 memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); 715 memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
710 716
711 s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; 717 s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -978,6 +984,8 @@ static int get_server_finished(SSL *s)
978 { 984 {
979 if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) 985 if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
980 { 986 {
987 die(s->session->session_id_length
988 <= sizeof s->session->session_id);
981 if (memcmp(buf,s->session->session_id, 989 if (memcmp(buf,s->session->session_id,
982 (unsigned int)s->session->session_id_length) != 0) 990 (unsigned int)s->session->session_id_length) != 0)
983 { 991 {
diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c
index eb315bcf07..83d5730ff3 100644
--- a/src/lib/libssl/src/ssl/s2_lib.c
+++ b/src/lib/libssl/src/ssl/s2_lib.c
@@ -63,6 +63,7 @@
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include <openssl/md5.h> 65#include <openssl/md5.h>
66#include "ssl_locl.h"
66 67
67static long ssl2_default_timeout(void ); 68static long ssl2_default_timeout(void );
68const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; 69const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -428,10 +429,14 @@ void ssl2_generate_key_material(SSL *s)
428#endif 429#endif
429 EVP_MD_CTX_init(&ctx); 430 EVP_MD_CTX_init(&ctx);
430 km=s->s2->key_material; 431 km=s->s2->key_material;
432 die(s->s2->key_material_length <= sizeof s->s2->key_material);
431 for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) 433 for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
432 { 434 {
433 EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); 435 EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
434 436
437 die(s->session->master_key_length >= 0
438 && s->session->master_key_length
439 < sizeof s->session->master_key);
435 EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); 440 EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
436 EVP_DigestUpdate(&ctx,&c,1); 441 EVP_DigestUpdate(&ctx,&c,1);
437 c++; 442 c++;
@@ -467,6 +472,7 @@ void ssl2_write_error(SSL *s)
467/* state=s->rwstate;*/ 472/* state=s->rwstate;*/
468 error=s->error; 473 error=s->error;
469 s->error=0; 474 s->error=0;
475 die(error >= 0 && error <= 3);
470 i=ssl2_write(s,&(buf[3-error]),error); 476 i=ssl2_write(s,&(buf[3-error]),error);
471/* if (i == error) s->rwstate=state; */ 477/* if (i == error) s->rwstate=state; */
472 478
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
index 56da65195e..a83605a1b7 100644
--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -116,6 +116,7 @@
116#include <openssl/rand.h> 116#include <openssl/rand.h>
117#include <openssl/objects.h> 117#include <openssl/objects.h>
118#include <openssl/evp.h> 118#include <openssl/evp.h>
119#include "ssl_locl.h"
119 120
120static SSL_METHOD *ssl2_get_server_method(int ver); 121static SSL_METHOD *ssl2_get_server_method(int ver);
121static int get_client_master_key(SSL *s); 122static int get_client_master_key(SSL *s);
@@ -417,11 +418,18 @@ static int get_client_master_key(SSL *s)
417 n2s(p,i); s->s2->tmp.clear=i; 418 n2s(p,i); s->s2->tmp.clear=i;
418 n2s(p,i); s->s2->tmp.enc=i; 419 n2s(p,i); s->s2->tmp.enc=i;
419 n2s(p,i); s->session->key_arg_length=i; 420 n2s(p,i); s->session->key_arg_length=i;
421 if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
422 {
423 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
424 SSL_R_KEY_ARG_TOO_LONG);
425 return -1;
426 }
420 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; 427 s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
421 } 428 }
422 429
423 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ 430 /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
424 p=(unsigned char *)s->init_buf->data; 431 p=(unsigned char *)s->init_buf->data;
432 die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
425 keya=s->session->key_arg_length; 433 keya=s->session->key_arg_length;
426 len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; 434 len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
427 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) 435 if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
@@ -504,6 +512,7 @@ static int get_client_master_key(SSL *s)
504#endif 512#endif
505 513
506 if (is_export) i+=s->s2->tmp.clear; 514 if (is_export) i+=s->s2->tmp.clear;
515 die(i <= SSL_MAX_MASTER_KEY_LENGTH);
507 s->session->master_key_length=i; 516 s->session->master_key_length=i;
508 memcpy(s->session->master_key,p,(unsigned int)i); 517 memcpy(s->session->master_key,p,(unsigned int)i);
509 return(1); 518 return(1);
@@ -670,6 +679,7 @@ static int get_client_hello(SSL *s)
670 p+=s->s2->tmp.session_id_length; 679 p+=s->s2->tmp.session_id_length;
671 680
672 /* challenge */ 681 /* challenge */
682 die(s->s2->challenge_length <= sizeof s->s2->challenge);
673 memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); 683 memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
674 return(1); 684 return(1);
675mem_err: 685mem_err:
@@ -826,6 +836,7 @@ static int get_client_finished(SSL *s)
826 } 836 }
827 837
828 /* SSL2_ST_GET_CLIENT_FINISHED_B */ 838 /* SSL2_ST_GET_CLIENT_FINISHED_B */
839 die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
829 len = 1 + (unsigned long)s->s2->conn_id_length; 840 len = 1 + (unsigned long)s->s2->conn_id_length;
830 n = (int)len - s->init_num; 841 n = (int)len - s->init_num;
831 i = ssl2_read(s,(char *)&(p[s->init_num]),n); 842 i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -853,6 +864,7 @@ static int server_verify(SSL *s)
853 { 864 {
854 p=(unsigned char *)s->init_buf->data; 865 p=(unsigned char *)s->init_buf->data;
855 *(p++)=SSL2_MT_SERVER_VERIFY; 866 *(p++)=SSL2_MT_SERVER_VERIFY;
867 die(s->s2->challenge_length <= sizeof s->s2->challenge);
856 memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); 868 memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
857 /* p+=s->s2->challenge_length; */ 869 /* p+=s->s2->challenge_length; */
858 870
@@ -872,6 +884,8 @@ static int server_finish(SSL *s)
872 p=(unsigned char *)s->init_buf->data; 884 p=(unsigned char *)s->init_buf->data;
873 *(p++)=SSL2_MT_SERVER_FINISHED; 885 *(p++)=SSL2_MT_SERVER_FINISHED;
874 886
887 die(s->session->session_id_length
888 <= sizeof s->session->session_id);
875 memcpy(p,s->session->session_id, 889 memcpy(p,s->session->session_id,
876 (unsigned int)s->session->session_id_length); 890 (unsigned int)s->session->session_id_length);
877 /* p+=s->session->session_id_length; */ 891 /* p+=s->session->session_id_length; */
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index e5853ede95..b6be748932 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -545,6 +545,7 @@ static int ssl3_client_hello(SSL *s)
545 *(p++)=i; 545 *(p++)=i;
546 if (i != 0) 546 if (i != 0)
547 { 547 {
548 die(i <= sizeof s->session->session_id);
548 memcpy(p,s->session->session_id,i); 549 memcpy(p,s->session->session_id,i);
549 p+=i; 550 p+=i;
550 } 551 }
@@ -626,6 +627,14 @@ static int ssl3_get_server_hello(SSL *s)
626 /* get the session-id */ 627 /* get the session-id */
627 j= *(p++); 628 j= *(p++);
628 629
630 if(j > sizeof s->session->session_id)
631 {
632 al=SSL_AD_ILLEGAL_PARAMETER;
633 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
634 SSL_R_SSL3_SESSION_ID_TOO_LONG);
635 goto f_err;
636 }
637
629 if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) 638 if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
630 { 639 {
631 /* SSLref returns 16 :-( */ 640 /* SSLref returns 16 :-( */
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 99b6a86983..3748cd7c24 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -964,6 +964,7 @@ static int ssl3_send_server_hello(SSL *s)
964 s->session->session_id_length=0; 964 s->session->session_id_length=0;
965 965
966 sl=s->session->session_id_length; 966 sl=s->session->session_id_length;
967 die(sl <= sizeof s->session->session_id);
967 *(p++)=sl; 968 *(p++)=sl;
968 memcpy(p,s->session->session_id,sl); 969 memcpy(p,s->session->session_id,sl);
969 p+=sl; 970 p+=sl;
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 833f761690..ce6354b2ff 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -1637,6 +1637,7 @@ void ERR_load_SSL_strings(void);
1637#define SSL_R_INVALID_COMMAND 280 1637#define SSL_R_INVALID_COMMAND 280
1638#define SSL_R_INVALID_PURPOSE 278 1638#define SSL_R_INVALID_PURPOSE 278
1639#define SSL_R_INVALID_TRUST 279 1639#define SSL_R_INVALID_TRUST 279
1640#define SSL_R_KEY_ARG_TOO_LONG 1112
1640#define SSL_R_KRB5 1104 1641#define SSL_R_KRB5 1104
1641#define SSL_R_KRB5_C_CC_PRINC 1094 1642#define SSL_R_KRB5_C_CC_PRINC 1094
1642#define SSL_R_KRB5_C_GET_CRED 1095 1643#define SSL_R_KRB5_C_GET_CRED 1095
@@ -1716,6 +1717,7 @@ void ERR_load_SSL_strings(void);
1716#define SSL_R_SHORT_READ 219 1717#define SSL_R_SHORT_READ 219
1717#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 1718#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
1718#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 1719#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
1720#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
1719#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 1721#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
1720#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 1722#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
1721#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 1723#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index c5eeeb6bc5..39ffa46cee 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -296,6 +296,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
296 os.length=i; 296 os.length=i;
297 297
298 ret->session_id_length=os.length; 298 ret->session_id_length=os.length;
299 die(os.length <= sizeof ret->session_id);
299 memcpy(ret->session_id,os.data,os.length); 300 memcpy(ret->session_id,os.data,os.length);
300 301
301 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); 302 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index c32c4ef6e9..0cad32c855 100644
--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -1,6 +1,6 @@
1/* ssl/ssl_err.c */ 1/* ssl/ssl_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
275{SSL_R_INVALID_COMMAND ,"invalid command"}, 275{SSL_R_INVALID_COMMAND ,"invalid command"},
276{SSL_R_INVALID_PURPOSE ,"invalid purpose"}, 276{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
277{SSL_R_INVALID_TRUST ,"invalid trust"}, 277{SSL_R_INVALID_TRUST ,"invalid trust"},
278{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
278{SSL_R_KRB5 ,"krb5"}, 279{SSL_R_KRB5 ,"krb5"},
279{SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"}, 280{SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"},
280{SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"}, 281{SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"},
@@ -354,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
354{SSL_R_SHORT_READ ,"short read"}, 355{SSL_R_SHORT_READ ,"short read"},
355{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, 356{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
356{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, 357{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
358{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
357{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, 359{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
358{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, 360{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
359{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, 361{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index df307a80c5..e516382b6c 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -2289,3 +2289,10 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
2289 2289
2290IMPLEMENT_STACK_OF(SSL_CIPHER) 2290IMPLEMENT_STACK_OF(SSL_CIPHER)
2291IMPLEMENT_STACK_OF(SSL_COMP) 2291IMPLEMENT_STACK_OF(SSL_COMP)
2292
2293void OpenSSLDie(const char *file,int line,const char *assertion)
2294 {
2295 fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
2296 file,line,assertion);
2297 abort();
2298 }
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 5208c4c42a..0029edc3a6 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -615,5 +615,8 @@ int ssl_ok(SSL *s);
615SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); 615SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
616STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); 616STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
617 617
618/* die if we have to */
619void OpenSSLDie(const char *file,int line,const char *assertion);
620#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
618 621
619#endif 622#endif
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 6424f775e2..a0c3100b29 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -250,6 +250,7 @@ int ssl_get_new_session(SSL *s, int session)
250 ss->session_id_length=0; 250 ss->session_id_length=0;
251 } 251 }
252 252
253 die(s->sid_ctx_length <= sizeof ss->sid_ctx);
253 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); 254 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
254 ss->sid_ctx_length=s->sid_ctx_length; 255 ss->sid_ctx_length=s->sid_ctx_length;
255 s->session=ss; 256 s->session=ss;
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 833f761690..ce6354b2ff 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1637,6 +1637,7 @@ void ERR_load_SSL_strings(void);
1637#define SSL_R_INVALID_COMMAND 280 1637#define SSL_R_INVALID_COMMAND 280
1638#define SSL_R_INVALID_PURPOSE 278 1638#define SSL_R_INVALID_PURPOSE 278
1639#define SSL_R_INVALID_TRUST 279 1639#define SSL_R_INVALID_TRUST 279
1640#define SSL_R_KEY_ARG_TOO_LONG 1112
1640#define SSL_R_KRB5 1104 1641#define SSL_R_KRB5 1104
1641#define SSL_R_KRB5_C_CC_PRINC 1094 1642#define SSL_R_KRB5_C_CC_PRINC 1094
1642#define SSL_R_KRB5_C_GET_CRED 1095 1643#define SSL_R_KRB5_C_GET_CRED 1095
@@ -1716,6 +1717,7 @@ void ERR_load_SSL_strings(void);
1716#define SSL_R_SHORT_READ 219 1717#define SSL_R_SHORT_READ 219
1717#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 1718#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
1718#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 1719#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
1720#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
1719#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 1721#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
1720#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 1722#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
1721#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 1723#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff --git a/src/lib/libssl/ssl/Makefile b/src/lib/libssl/ssl/Makefile
index 0fd5407dca..410399d216 100644
--- a/src/lib/libssl/ssl/Makefile
+++ b/src/lib/libssl/ssl/Makefile
@@ -27,6 +27,7 @@ CFLAGS+= -DB_ENDIAN
27CFLAGS+= -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR 27CFLAGS+= -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR
28CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DSO_DLFCN -DHAVE_DLFCN_H 28CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DSO_DLFCN -DHAVE_DLFCN_H
29CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST}/include 29CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST}/include
30CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST}/crypto
30CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST} 31CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST}
31 32
32SRCS= bio_ssl.c s2_clnt.c s3_both.c s3_srvr.c ssl_err2.c ssl_txt.c \ 33SRCS= bio_ssl.c s2_clnt.c s3_both.c s3_srvr.c ssl_err2.c ssl_txt.c \
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index c5eeeb6bc5..39ffa46cee 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -296,6 +296,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
296 os.length=i; 296 os.length=i;
297 297
298 ret->session_id_length=os.length; 298 ret->session_id_length=os.length;
299 die(os.length <= sizeof ret->session_id);
299 memcpy(ret->session_id,os.data,os.length); 300 memcpy(ret->session_id,os.data,os.length);
300 301
301 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); 302 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index c32c4ef6e9..0cad32c855 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,6 +1,6 @@
1/* ssl/ssl_err.c */ 1/* ssl/ssl_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -275,6 +275,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
275{SSL_R_INVALID_COMMAND ,"invalid command"}, 275{SSL_R_INVALID_COMMAND ,"invalid command"},
276{SSL_R_INVALID_PURPOSE ,"invalid purpose"}, 276{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
277{SSL_R_INVALID_TRUST ,"invalid trust"}, 277{SSL_R_INVALID_TRUST ,"invalid trust"},
278{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"},
278{SSL_R_KRB5 ,"krb5"}, 279{SSL_R_KRB5 ,"krb5"},
279{SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"}, 280{SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"},
280{SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"}, 281{SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"},
@@ -354,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
354{SSL_R_SHORT_READ ,"short read"}, 355{SSL_R_SHORT_READ ,"short read"},
355{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, 356{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
356{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, 357{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
358{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"},
357{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, 359{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
358{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, 360{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
359{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, 361{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index df307a80c5..e516382b6c 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -2289,3 +2289,10 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
2289 2289
2290IMPLEMENT_STACK_OF(SSL_CIPHER) 2290IMPLEMENT_STACK_OF(SSL_CIPHER)
2291IMPLEMENT_STACK_OF(SSL_COMP) 2291IMPLEMENT_STACK_OF(SSL_COMP)
2292
2293void OpenSSLDie(const char *file,int line,const char *assertion)
2294 {
2295 fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
2296 file,line,assertion);
2297 abort();
2298 }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 5208c4c42a..0029edc3a6 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -615,5 +615,8 @@ int ssl_ok(SSL *s);
615SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); 615SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
616STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); 616STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
617 617
618/* die if we have to */
619void OpenSSLDie(const char *file,int line,const char *assertion);
620#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
618 621
619#endif 622#endif
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 6424f775e2..a0c3100b29 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -250,6 +250,7 @@ int ssl_get_new_session(SSL *s, int session)
250 ss->session_id_length=0; 250 ss->session_id_length=0;
251 } 251 }
252 252
253 die(s->sid_ctx_length <= sizeof ss->sid_ctx);
253 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); 254 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
254 ss->sid_ctx_length=s->sid_ctx_length; 255 ss->sid_ctx_length=s->sid_ctx_length;
255 s->session=ss; 256 s->session=ss;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 23:30:14 +0000