From 2a44fea2cb55e6123807858ba43414b276b2d2fe Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 28 Feb 2019 17:44:56 +0000
Subject: Add appropriate length checks to tls13_legacy_{read,write}_bytes()

ok inoguchi@ tb@
---
 src/lib/libssl/tls13_lib.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 0151395be8..e371d71750 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_lib.c,v 1.6 2019/02/26 17:36:30 jsing Exp $ */
+/*	$OpenBSD: tls13_lib.c,v 1.7 2019/02/28 17:44:56 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -251,9 +251,12 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee
 		SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 		return -1;
 	}
+	if (len < 0) {
+		SSLerror(ssl, SSL_R_BAD_LENGTH); 
+		return -1;
+	}
 
 	ret = tls13_read_application_data(ctx->rl, buf, len);
-
 	return tls13_legacy_return_code(ssl, ret);
 }
 
@@ -267,8 +270,11 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len)
 		SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 		return -1;
 	}
+	if (len <= 0) {
+		SSLerror(ssl, SSL_R_BAD_LENGTH); 
+		return -1;
+	}
 
 	ret = tls13_write_application_data(ctx->rl, buf, len);
-
 	return tls13_legacy_return_code(ssl, ret);
 }
-- 
cgit v1.2.3-55-g6feb