diff options
author | Bodo Möller <bodo@openssl.org> | 2011-02-03 12:04:48 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2011-02-03 12:04:48 +0000 |
commit | 9d09fc8485479a38c37a1de1378a0ded22492f7e (patch) | |
tree | cb4da7025eb05f4c2ba9c8b20c58eeedf7816243 /ssl/s2_srvr.c | |
parent | 8ea45317187ab9fbecefd9b9b231993c2c1554b6 (diff) |
Assorted bugfixes:
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Neel Mehta, Bodo Moeller)
Diffstat (limited to 'ssl/s2_srvr.c')
-rw-r--r-- | ssl/s2_srvr.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index eeffe25492..c87d84499e 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s) p+=3; n2s(p,i); s->s2->tmp.clear=i; n2s(p,i); s->s2->tmp.enc=i; - n2s(p,i); s->session->key_arg_length=i; - if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) + n2s(p,i); + if(i > SSL_MAX_KEY_ARG_LENGTH) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG); return -1; } + s->session->key_arg_length=i; s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; } |