summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBodo Möller <bodo@openssl.org>2007-09-21 14:05:08 +0000
committerBodo Möller <bodo@openssl.org>2007-09-21 14:05:08 +0000
commit4ab0088bfe20d251bc2a1afae543685d2faa3935 (patch)
tree501a4f6f3b48015e44611823039ed437f9504114
parent3bd1690bfb59b014fafa93b22e737e50c7db4b5b (diff)
More changes from HEAD:
- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME now that ssl23_client_hello takes care of that - fix buffer overrun checks in ssl_add_serverhello_tlsext()
Diffstat
-rw-r--r--ssl/s3_lib.c1
-rw-r--r--ssl/t1_lib.c4
2 files changed, 2 insertions, 3 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 2bacb2601e..95e893737c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1931,7 +1931,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
return 0;
}
- s->options |= SSL_OP_NO_SSLv2; /* can't use extension w/ SSL 2.0 format */
break;
case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
s->tlsext_debug_arg=parg;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 21ddcc6116..fabc634d68 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -207,7 +207,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
{
- if (limit - p - 4 < 0) return NULL;
+ if (limit - ret - 4 < 0) return NULL;
s2n(TLSEXT_TYPE_server_name,ret);
s2n(0,ret);
@@ -216,7 +216,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
if (s->tlsext_ticket_expected
&& !(SSL_get_options(s) & SSL_OP_NO_TICKET))
{
- if (limit - p - 4 < 0) return NULL;
+ if (limit - ret - 4 < 0) return NULL;
s2n(TLSEXT_TYPE_session_ticket,ret);
s2n(0,ret);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-08 20:39:11 +0000