Assorted bugfixes:

- safestack macro changes for C++ were incomplete - RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
author: Bodo Möller <bodo@openssl.org> 2011-02-03 12:03:51 +0000
committer: Bodo Möller <bodo@openssl.org> 2011-02-03 12:03:51 +0000
commit: e2b798c8b329d88e4f38ca4f5c4445eddcfad4ca (patch)
tree: e30ad81264713f64d75bdfb3dadf46e74e51638f /ssl/s2_srvr.c
parent: 9bda745876ef9e239ca9e294ba27e1b0b1906bf1 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 9471676872..bc885e8e7f 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s)
 		p+=3;
 		n2s(p,i); s->s2->tmp.clear=i;
 		n2s(p,i); s->s2->tmp.enc=i;
-		n2s(p,i); s->session->key_arg_length=i;
-		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+		n2s(p,i);
+		if(i > SSL_MAX_KEY_ARG_LENGTH)
 			{
 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
 			return -1;
 			}
+		s->session->key_arg_length=i;
 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
 		}
author	Bodo Möller <bodo@openssl.org>	2011-02-03 12:03:51 +0000
committer	Bodo Möller <bodo@openssl.org>	2011-02-03 12:03:51 +0000
commit	e2b798c8b329d88e4f38ca4f5c4445eddcfad4ca (patch)
tree	e30ad81264713f64d75bdfb3dadf46e74e51638f /ssl/s2_srvr.c
parent	9bda745876ef9e239ca9e294ba27e1b0b1906bf1 (diff)