summaryrefslogtreecommitdiff
path: root/src/lib/libssl/s3_srvr.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
-rw-r--r--src/lib/libssl/s3_srvr.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 881f68b998..deb3cffabe 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -121,9 +121,10 @@
121#include <openssl/objects.h> 121#include <openssl/objects.h>
122#include <openssl/evp.h> 122#include <openssl/evp.h>
123#include <openssl/x509.h> 123#include <openssl/x509.h>
124#ifndef OPENSSL_NO_KRB5
124#include <openssl/krb5_asn.h> 125#include <openssl/krb5_asn.h>
126#endif
125#include <openssl/md5.h> 127#include <openssl/md5.h>
126#include "cryptlib.h"
127 128
128static SSL_METHOD *ssl3_get_server_method(int ver); 129static SSL_METHOD *ssl3_get_server_method(int ver);
129static int ssl3_get_client_hello(SSL *s); 130static int ssl3_get_client_hello(SSL *s);
@@ -1587,11 +1588,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
1587 1588
1588 n2s(p,i); 1589 n2s(p,i);
1589 enc_ticket.length = i; 1590 enc_ticket.length = i;
1591
1592 if (n < enc_ticket.length + 6)
1593 {
1594 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1595 SSL_R_DATA_LENGTH_TOO_LONG);
1596 goto err;
1597 }
1598
1590 enc_ticket.data = (char *)p; 1599 enc_ticket.data = (char *)p;
1591 p+=enc_ticket.length; 1600 p+=enc_ticket.length;
1592 1601
1593 n2s(p,i); 1602 n2s(p,i);
1594 authenticator.length = i; 1603 authenticator.length = i;
1604
1605 if (n < enc_ticket.length + authenticator.length + 6)
1606 {
1607 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1608 SSL_R_DATA_LENGTH_TOO_LONG);
1609 goto err;
1610 }
1611
1595 authenticator.data = (char *)p; 1612 authenticator.data = (char *)p;
1596 p+=authenticator.length; 1613 p+=authenticator.length;
1597 1614
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 17:52:31 +0000