diff options
author | Ben Laurie <ben@openssl.org> | 1999-03-22 12:22:14 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 1999-03-22 12:22:14 +0000 |
commit | b4cadc6e1343c01b06613053a90ed2ee85e65090 (patch) | |
tree | 5670424b0d897cd7f8161e321f0f514131265159 /ssl/ssl_asn1.c | |
parent | 0f423567a72b68b617ad5554e51095f1017a9d7b (diff) |
Fix security hole.
Diffstat (limited to 'ssl/ssl_asn1.c')
-rw-r--r-- | ssl/ssl_asn1.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 116a83de64..f4ba04a961 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -69,6 +69,7 @@ typedef struct ssl_session_asn1_st ASN1_OCTET_STRING cipher; ASN1_OCTET_STRING master_key; ASN1_OCTET_STRING session_id; + ASN1_OCTET_STRING session_id_context; ASN1_OCTET_STRING key_arg; ASN1_INTEGER time; ASN1_INTEGER timeout; @@ -84,7 +85,7 @@ SSL_SESSION *in; unsigned char **pp; { #define LSIZE2 (sizeof(long)*2) - int v1=0,v2=0,v3=0; + int v1=0,v2=0,v3=0,v4=0; unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2]; long l; @@ -138,6 +139,10 @@ unsigned char **pp; a.session_id.type=V_ASN1_OCTET_STRING; a.session_id.data=in->session_id; + a.session_id_context.length=in->sid_ctx_length; + a.session_id_context.type=V_ASN1_OCTET_STRING; + a.session_id_context.data=in->sid_ctx; + a.key_arg.length=in->key_arg_length; a.key_arg.type=V_ASN1_OCTET_STRING; a.key_arg.data=in->key_arg; @@ -171,6 +176,7 @@ unsigned char **pp; M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); if (in->peer != NULL) M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); + M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); M_ASN1_I2D_seq_total(); @@ -187,6 +193,8 @@ unsigned char **pp; M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); if (in->peer != NULL) M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); + M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, + v4); M_ASN1_I2D_finish(); } @@ -308,6 +316,21 @@ long length; } M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); + os.length=0; + os.data=NULL; + M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4); + + if(os.data != NULL) + { + if (os.length > SSL_MAX_SID_CTX_LENGTH) + SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); + ret->sid_ctx_length=os.length; + memcpy(ret->sid_ctx,os.data,os.length); + Free(os.data); os.data=NULL; os.length=0; + } + else + ret->sid_ctx_length=0; + M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); } |