diff options
Diffstat (limited to 'src/lib/libssl/s3_both.c')
| -rw-r--r-- | src/lib/libssl/s3_both.c | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 63fea5217d..5db0a11618 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_both.c,v 1.40 2015/07/14 03:47:38 doug Exp $ */ | 1 | /* $OpenBSD: s3_both.c,v 1.41 2015/07/14 05:41:07 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -391,9 +391,11 @@ long | |||
| 391 | ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | 391 | ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) |
| 392 | { | 392 | { |
| 393 | unsigned char *p; | 393 | unsigned char *p; |
| 394 | unsigned long l; | 394 | uint32_t l; |
| 395 | long n; | 395 | long n; |
| 396 | int i, al; | 396 | int i, al; |
| 397 | CBS cbs; | ||
| 398 | uint8_t u8; | ||
| 397 | 399 | ||
| 398 | if (s->s3->tmp.reuse_message) { | 400 | if (s->s3->tmp.reuse_message) { |
| 399 | s->s3->tmp.reuse_message = 0; | 401 | s->s3->tmp.reuse_message = 0; |
| @@ -443,8 +445,8 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 443 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg); | 445 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg); |
| 444 | } | 446 | } |
| 445 | } | 447 | } |
| 446 | } | 448 | |
| 447 | while (skip_message); | 449 | } while (skip_message); |
| 448 | 450 | ||
| 449 | /* s->init_num == 4 */ | 451 | /* s->init_num == 4 */ |
| 450 | 452 | ||
| @@ -453,9 +455,16 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | |||
| 453 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); | 455 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); |
| 454 | goto f_err; | 456 | goto f_err; |
| 455 | } | 457 | } |
| 456 | s->s3->tmp.message_type= *(p++); | ||
| 457 | 458 | ||
| 458 | n2l3(p, l); | 459 | /* XXX remove call to n2l3 */ |
| 460 | CBS_init(&cbs, p, 4); | ||
| 461 | if (!CBS_get_u8(&cbs, &u8) || | ||
| 462 | !CBS_get_u24(&cbs, &l)) { | ||
| 463 | SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); | ||
| 464 | goto err; | ||
| 465 | } | ||
| 466 | s->s3->tmp.message_type = u8; | ||
| 467 | |||
| 459 | if (l > (unsigned long)max) { | 468 | if (l > (unsigned long)max) { |
| 460 | al = SSL_AD_ILLEGAL_PARAMETER; | 469 | al = SSL_AD_ILLEGAL_PARAMETER; |
| 461 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); | 470 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); |