authorLutz Jänicke <jaenicke@openssl.org>2002-07-30 13:04:04 +0000
committerLutz Jänicke <jaenicke@openssl.org>2002-07-30 13:04:04 +0000
commitc046fffa16cd55c972f71c49051b8ce6b83eed7f (patch)
treef88e3f90a37215466511661e101da6882f8c0836 /ssl/s2_lib.c
parent3aecef76973dbea037ec4e1ceba7ec1bd3fb683a (diff)
OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
Diffstat (limited to 'ssl/s2_lib.c')
-rw-r--r--ssl/s2_lib.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index 25823d46e5..9bf55268df 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -63,6 +63,7 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
+#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@@ -428,10 +429,14 @@ void ssl2_generate_key_material(SSL *s)
#endif
EVP_MD_CTX_init(&ctx);
km=s->s2->key_material;
+ die(s->s2->key_material_length <= sizeof s->s2->key_material);
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
{
EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
+ die(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
EVP_DigestUpdate(&ctx,&c,1);
c++;
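Review bot: The added bound on `key_material_length` keeps the loop counter inside `key_material`, but not necessarily each digest. The loop advances by `MD5_DIGEST_LENGTH`, so a length that is not a multiple of that step could let the last iteration emit a full digest past the checked limit, assuming the digest is written through `km` in the part of the loop body that continues outside this hunk. A per-iteration guard before the digest is finalized would cover that, for example `die((size_t)(km - s->s2->key_material) + MD5_DIGEST_LENGTH <= sizeof s->s2->key_material);`. The `master_key_length` check is loop-invariant and could sit once above the `for`. If `die()` aborts the process, as its name suggests, these lengths are better rejected where they are first taken from the peer, so that a malformed handshake fails one connection instead of the whole server.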
@@ -467,6 +472,7 @@ void ssl2_write_error(SSL *s)
/* state=s->rwstate;*/
error=s->error;
s->error=0;
+ die(error >= 0 && error <= 3);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
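Review bot: The literal `3` in the new check silently duplicates the size assumption behind `buf[3-error]`, so the guard and the index can drift apart if `buf` is ever resized. Assuming `buf` is the three-byte array declared above this hunk, tying the bound to the object is safer: `die(error >= 0 && error <= (int)sizeof buf);`, with the index ideally written against the same expression. A short comment such as `/* error is used as both offset and length into buf */` would also explain why both the lower and the upper bound matter here.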