summaryrefslogtreecommitdiff
path: root/src/lib/libssl/d1_clnt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/d1_clnt.c')
-rw-r--r--src/lib/libssl/d1_clnt.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 3f47a3854b..b85908c733 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.28 2014/07/11 09:24:44 beck Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.29 2014/07/11 22:57:25 miod Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -879,6 +879,8 @@ dtls1_get_hello_verify(SSL *s)
879 return (1); 879 return (1);
880 } 880 }
881 881
882 if (2 > n)
883 goto truncated;
882 data = (unsigned char *)s->init_msg; 884 data = (unsigned char *)s->init_msg;
883 885
884 if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) { 886 if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) {
@@ -889,7 +891,11 @@ dtls1_get_hello_verify(SSL *s)
889 } 891 }
890 data += 2; 892 data += 2;
891 893
894 if (2 + 1 > n)
895 goto truncated;
892 cookie_len = *(data++); 896 cookie_len = *(data++);
897 if (2 + 1 + cookie_len > n)
898 goto truncated;
893 if (cookie_len > sizeof(s->d1->cookie)) { 899 if (cookie_len > sizeof(s->d1->cookie)) {
894 al = SSL_AD_ILLEGAL_PARAMETER; 900 al = SSL_AD_ILLEGAL_PARAMETER;
895 goto f_err; 901 goto f_err;
@@ -901,6 +907,8 @@ dtls1_get_hello_verify(SSL *s)
901 s->d1->send_cookie = 1; 907 s->d1->send_cookie = 1;
902 return 1; 908 return 1;
903 909
910truncated:
911 al = SSL_AD_DECODE_ERROR;
904f_err: 912f_err:
905 ssl3_send_alert(s, SSL3_AL_FATAL, al); 913 ssl3_send_alert(s, SSL3_AL_FATAL, al);
906 return -1; 914 return -1;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 06:40:02 +0000