diff options
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
| -rw-r--r-- | src/lib/libssl/s3_srvr.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 782b57f57a..20d716fb1b 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -965,7 +965,11 @@ static int ssl3_send_server_hello(SSL *s) | |||
| 965 | s->session->session_id_length=0; | 965 | s->session->session_id_length=0; |
| 966 | 966 | ||
| 967 | sl=s->session->session_id_length; | 967 | sl=s->session->session_id_length; |
| 968 | die(sl <= sizeof s->session->session_id); | 968 | if (sl > sizeof s->session->session_id) |
| 969 | { | ||
| 970 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); | ||
| 971 | return -1; | ||
| 972 | } | ||
| 969 | *(p++)=sl; | 973 | *(p++)=sl; |
| 970 | memcpy(p,s->session->session_id,sl); | 974 | memcpy(p,s->session->session_id,sl); |
| 971 | p+=sl; | 975 | p+=sl; |
| @@ -1588,7 +1592,7 @@ static int ssl3_get_client_key_exchange(SSL *s) | |||
| 1588 | /* Note that the length is checked again below, | 1592 | /* Note that the length is checked again below, |
| 1589 | ** after decryption | 1593 | ** after decryption |
| 1590 | */ | 1594 | */ |
| 1591 | if(enc.pms_length > sizeof pms) | 1595 | if(enc_pms.length > sizeof pms) |
| 1592 | { | 1596 | { |
| 1593 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | 1597 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1594 | SSL_R_DATA_LENGTH_TOO_LONG); | 1598 | SSL_R_DATA_LENGTH_TOO_LONG); |