diff options
author | Ben Laurie <ben@links.org> | 2013-01-28 17:33:18 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-02-06 14:19:07 +0000 |
commit | 93cab6b319e354517841ae202fb884f7e45bb48e (patch) | |
tree | c2a3e6bf4e09aab8adc8b9af4a16e055bb7463a0 /ssl/d1_pkt.c | |
parent | 2acc020b770920657a169bf6be4ff12b254255e6 (diff) |
Don't crash when processing a zero-length, TLS >= 1.1 record.
The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd)
Diffstat (limited to 'ssl/d1_pkt.c')
-rw-r--r-- | ssl/d1_pkt.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 5e2c56c983..4763d5cd1f 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -414,6 +414,7 @@ dtls1_process_record(SSL *s) /* decrypt in place in 'rr->input' */ rr->data=rr->input; + rr->orig_len=rr->length; enc_err = s->method->ssl3_enc->enc(s,0); if (enc_err <= 0) |