diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-01-07 10:48:23 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-01-07 10:48:23 +0000 |
commit | a00c3c4019a4bc0fa938b7dd3c0cd8e95cdc6943 (patch) | |
tree | 97dc675154f89679d944819529935c988924a301 /ssl/s2_srvr.c | |
parent | f4677b79609a17b125c46a8bc9899be94ac65919 (diff) |
Properly check EVP_VerifyFinal() and similar return values
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
Diffstat (limited to 'ssl/s2_srvr.c')
-rw-r--r-- | ssl/s2_srvr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 0daf2b129d..50d55e6bf1 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -1054,7 +1054,7 @@ static int request_certificate(SSL *s) i=ssl_verify_cert_chain(s,sk); - if (i) /* we like the packet, now check the chksum */ + if (i > 0) /* we like the packet, now check the chksum */ { EVP_MD_CTX ctx; EVP_PKEY *pkey=NULL; @@ -1083,7 +1083,7 @@ static int request_certificate(SSL *s) EVP_PKEY_free(pkey); EVP_MD_CTX_cleanup(&ctx); - if (i) + if (i > 0) { if (s->session->peer != NULL) X509_free(s->session->peer); |