Assorted bugfixes:

- RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Neel Mehta, Bodo Moeller)
author: Bodo Möller <bodo@openssl.org> 2011-02-03 12:04:48 +0000
committer: Bodo Möller <bodo@openssl.org> 2011-02-03 12:04:48 +0000
commit: 9d09fc8485479a38c37a1de1378a0ded22492f7e (patch)
tree: cb4da7025eb05f4c2ba9c8b20c58eeedf7816243 /ssl/s2_srvr.c
parent: 8ea45317187ab9fbecefd9b9b231993c2c1554b6 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index eeffe25492..c87d84499e 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s)
 		p+=3;
 		n2s(p,i); s->s2->tmp.clear=i;
 		n2s(p,i); s->s2->tmp.enc=i;
-		n2s(p,i); s->session->key_arg_length=i;
-		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+		n2s(p,i);
+		if(i > SSL_MAX_KEY_ARG_LENGTH)
 			{
 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
 			return -1;
 			}
+		s->session->key_arg_length=i;
 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
 		}
author	Bodo Möller <bodo@openssl.org>	2011-02-03 12:04:48 +0000
committer	Bodo Möller <bodo@openssl.org>	2011-02-03 12:04:48 +0000
commit	9d09fc8485479a38c37a1de1378a0ded22492f7e (patch)
tree	cb4da7025eb05f4c2ba9c8b20c58eeedf7816243 /ssl/s2_srvr.c
parent	8ea45317187ab9fbecefd9b9b231993c2c1554b6 (diff)