diff options
| -rw-r--r-- | CHANGES | 7 | ||||
| -rw-r--r-- | crypto/cryptlib.c | 8 | ||||
| -rw-r--r-- | crypto/cryptlib.h | 4 | ||||
| -rw-r--r-- | ssl/s2_clnt.c | 41 | ||||
| -rw-r--r-- | ssl/s2_enc.c | 3 | ||||
| -rw-r--r-- | ssl/s2_lib.c | 39 | ||||
| -rw-r--r-- | ssl/s2_srvr.c | 58 | ||||
| -rw-r--r-- | ssl/s3_clnt.c | 12 | ||||
| -rw-r--r-- | ssl/s3_srvr.c | 6 | ||||
| -rw-r--r-- | ssl/ssl.h | 6 | ||||
| -rw-r--r-- | ssl/ssl_asn1.c | 5 | ||||
| -rw-r--r-- | ssl/ssl_err.c | 6 | ||||
| -rw-r--r-- | ssl/ssl_locl.h | 2 | ||||
| -rw-r--r-- | ssl/ssl_sess.c | 7 |
14 files changed, 150 insertions, 54 deletions
@@ -1764,6 +1764,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] + Changes between 0.9.6e and 0.9.6f [XX xxx XXXX] + + *) Use proper error handling instead of 'assertions' in buffer + overflow checks added in 0.9.6e. This prevents DoS (the + assertions could call abort()). + [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller] + Changes between 0.9.6d and 0.9.6e [30 Jul 2002] *) Add various sanity checks to asn1_get_length() to reject diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 3bceddfbbf..9a7ed2cf75 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -494,11 +494,3 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, #endif #endif - -void OpenSSLDie(const char *file,int line,const char *assertion) - { - fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", - file,line,assertion); - abort(); - } - diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h index 985a6d377c..88e4ae509f 100644 --- a/crypto/cryptlib.h +++ b/crypto/cryptlib.h @@ -93,10 +93,6 @@ extern "C" { #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) #define HEX_SIZE(type) ((sizeof(type)*2) -/* die if we have to */ -void OpenSSLDie(const char *file,int line,const char *assertion); -#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) - #ifdef __cplusplus } #endif diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 26efe53856..570d0664ed 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -536,7 +536,12 @@ static int get_server_hello(SSL *s) } s->s2->conn_id_length=s->s2->tmp.conn_id_length; - die(s->s2->conn_id_length <= sizeof s->s2->conn_id); + if (s->s2->conn_id_length > sizeof s->s2->conn_id) + { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG); + return -1; + } memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); return(1); } @@ -638,7 +643,12 @@ static int client_master_key(SSL *s) /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; - die(i <= SSL_MAX_KEY_ARG_LENGTH); + if (i > SSL_MAX_KEY_ARG_LENGTH) + { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); + return -1; + } if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ @@ -646,7 +656,12 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { - die(i <= sizeof sess->master_key); + if (i > sizeof sess->master_key) + { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); + return -1; + } if (RAND_bytes(sess->master_key,i) <= 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -690,7 +705,12 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ - die(karg <= sizeof sess->key_arg); + if (karg > sizeof sess->key_arg) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); + return -1; + } memcpy(d,sess->key_arg,(unsigned int)karg); d+=karg; @@ -711,7 +731,11 @@ static int client_finished(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_CLIENT_FINISHED; - die(s->s2->conn_id_length <= sizeof s->s2->conn_id); + if (s->s2->conn_id_length > sizeof s->s2->conn_id) + { + SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); + return -1; + } memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; @@ -984,10 +1008,9 @@ static int get_server_finished(SSL *s) { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { - die(s->session->session_id_length - <= sizeof s->session->session_id); - if (memcmp(buf,s->session->session_id, - (unsigned int)s->session->session_id_length) != 0) + if ((s->session->session_id_length > sizeof s->session->session_id) + || (0 != memcmp(buf, s->session->session_id, + (unsigned int)s->session->session_id_length))) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT); diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index a28e747d2d..690252e3d3 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -96,7 +96,8 @@ int ssl2_enc_init(SSL *s, int client) num=c->key_len; s->s2->key_material_length=num*2; - ssl2_generate_key_material(s); + if (ssl2_generate_key_material(s) <= 0) + return 0; EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 9bf55268df..554f4fd792 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -416,12 +416,15 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) return(3); } -void ssl2_generate_key_material(SSL *s) +int ssl2_generate_key_material(SSL *s) { unsigned int i; EVP_MD_CTX ctx; unsigned char *km; unsigned char c='0'; + const EVP_MD *md5; + + md5 = EVP_md5(); #ifdef CHARSET_EBCDIC c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', @@ -429,23 +432,35 @@ void ssl2_generate_key_material(SSL *s) #endif EVP_MD_CTX_init(&ctx); km=s->s2->key_material; - die(s->s2->key_material_length <= sizeof s->s2->key_material); - for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) + + if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) + { + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); + return 0; + } + + for (i=0; i<s->s2->key_material_length; i += EVP_MD_block_size(md5)) { - EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); + if (((km - s->s2->key_material) + EVP_MD_block_size(md5)) > sizeof s->s2->key_material) + { + /* EVP_DigestFinal_ex() below would write beyond buffer */ + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); + return 0; + } + + EVP_DigestInit_ex(&ctx, md5, NULL); - die(s->session->master_key_length >= 0 - && s->session->master_key_length - < sizeof s->session->master_key); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); EVP_DigestFinal_ex(&ctx,km,NULL); - km+=MD5_DIGEST_LENGTH; + km += EVP_MD_block_size(md5); } + EVP_MD_CTX_cleanup(&ctx); + return 1; } void ssl2_return_error(SSL *s, int err) @@ -470,10 +485,14 @@ void ssl2_write_error(SSL *s) buf[2]=(s->error_code)&0xff; /* state=s->rwstate;*/ - error=s->error; + + error=s->error; /* number of bytes left to write */ s->error=0; - die(error >= 0 && error <= 3); + if (error < 0 || error > sizeof buf) /* can't happen */ + return; + i=ssl2_write(s,&(buf[3-error]),error); + /* if (i == error) s->rwstate=state; */ if (i < 0) diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index 391287bfcd..2d3b667d91 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -399,8 +399,7 @@ static int get_client_master_key(SSL *s) SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE); } else - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, - SSL_R_PEER_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR); return(-1); } @@ -408,8 +407,7 @@ static int get_client_master_key(SSL *s) if (cp == NULL) { ssl2_return_error(s,SSL2_PE_NO_CIPHER); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, - SSL_R_NO_CIPHER_MATCH); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH); return(-1); } s->session->cipher= cp; @@ -420,8 +418,8 @@ static int get_client_master_key(SSL *s) n2s(p,i); s->session->key_arg_length=i; if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) { - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, - SSL_R_KEY_ARG_TOO_LONG); + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG); return -1; } s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; @@ -429,11 +427,17 @@ static int get_client_master_key(SSL *s) /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ p=(unsigned char *)s->init_buf->data; - die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER); + if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); + return -1; + } keya=s->session->key_arg_length; len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); return -1; } @@ -512,7 +516,13 @@ static int get_client_master_key(SSL *s) #endif if (is_export) i+=s->s2->tmp.clear; - die(i <= SSL_MAX_MASTER_KEY_LENGTH); + + if (i > SSL_MAX_MASTER_KEY_LENGTH) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); + return -1; + } s->session->master_key_length=i; memcpy(s->session->master_key,p,(unsigned int)i); return(1); @@ -563,6 +573,7 @@ static int get_client_hello(SSL *s) if ( (i < SSL2_MIN_CHALLENGE_LENGTH) || (i > SSL2_MAX_CHALLENGE_LENGTH)) { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH); return(-1); } @@ -574,6 +585,7 @@ static int get_client_hello(SSL *s) len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG); return -1; } @@ -679,7 +691,12 @@ static int get_client_hello(SSL *s) p+=s->s2->tmp.session_id_length; /* challenge */ - die(s->s2->challenge_length <= sizeof s->s2->challenge); + if (s->s2->challenge_length > sizeof s->s2->challenge) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + return -1; + } memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); return(1); mem_err: @@ -836,7 +853,12 @@ static int get_client_finished(SSL *s) } /* SSL2_ST_GET_CLIENT_FINISHED_B */ - die(s->s2->conn_id_length <= sizeof s->s2->conn_id); + if (s->s2->conn_id_length > sizeof s->s2->conn_id) + { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); + return -1; + } len = 1 + (unsigned long)s->s2->conn_id_length; n = (int)len - s->init_num; i = ssl2_read(s,(char *)&(p[s->init_num]),n); @@ -864,7 +886,11 @@ static int server_verify(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_VERIFY; - die(s->s2->challenge_length <= sizeof s->s2->challenge); + if (s->s2->challenge_length > sizeof s->s2->challenge) + { + SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR); + return -1; + } memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); /* p+=s->s2->challenge_length; */ @@ -884,10 +910,12 @@ static int server_finish(SSL *s) p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_FINISHED; - die(s->session->session_id_length - <= sizeof s->session->session_id); - memcpy(p,s->session->session_id, - (unsigned int)s->session->session_id_length); + if (s->session->session_id_length > sizeof s->session->session_id) + { + SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR); + return -1; + } + memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length); /* p+=s->session->session_id_length; */ s->state=SSL2_ST_SEND_SERVER_FINISHED_B; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 2699b5863b..2b58482484 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -546,7 +546,11 @@ static int ssl3_client_hello(SSL *s) *(p++)=i; if (i != 0) { - die(i <= sizeof s->session->session_id); + if (i > sizeof s->session->session_id) + { + SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + goto err; + } memcpy(p,s->session->session_id,i); p+=i; } @@ -1598,7 +1602,11 @@ static int ssl3_send_client_key_exchange(SSL *s) SSL_MAX_MASTER_KEY_LENGTH); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; - die(outl <= sizeof epms); + if (outl > sizeof epms) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); + goto err; + } EVP_CIPHER_CTX_cleanup(&ciph_ctx); /* KerberosWrapper.EncryptedPreMasterSecret */ diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 827fd125ee..20d716fb1b 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -965,7 +965,11 @@ static int ssl3_send_server_hello(SSL *s) s->session->session_id_length=0; sl=s->session->session_id_length; - die(sl <= sizeof s->session->session_id); + if (sl > sizeof s->session->session_id) + { + SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + return -1; + } *(p++)=sl; memcpy(p,s->session->session_id,sl); p+=sl; @@ -1462,6 +1462,7 @@ void ERR_load_SSL_strings(void); /* Function codes. */ #define SSL_F_CLIENT_CERTIFICATE 100 +#define SSL_F_CLIENT_FINISHED 238 #define SSL_F_CLIENT_HELLO 101 #define SSL_F_CLIENT_MASTER_KEY 102 #define SSL_F_D2I_SSL_SESSION 103 @@ -1475,7 +1476,9 @@ void ERR_load_SSL_strings(void); #define SSL_F_I2D_SSL_SESSION 111 #define SSL_F_READ_N 112 #define SSL_F_REQUEST_CERTIFICATE 113 +#define SSL_F_SERVER_FINISH 239 #define SSL_F_SERVER_HELLO 114 +#define SSL_F_SERVER_VERIFY 240 #define SSL_F_SSL23_ACCEPT 115 #define SSL_F_SSL23_CLIENT_HELLO 116 #define SSL_F_SSL23_CONNECT 117 @@ -1487,6 +1490,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL2_ACCEPT 122 #define SSL_F_SSL2_CONNECT 123 #define SSL_F_SSL2_ENC_INIT 124 +#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 #define SSL_F_SSL2_PEEK 234 #define SSL_F_SSL2_READ 125 #define SSL_F_SSL2_READ_INTERNAL 236 @@ -1523,6 +1527,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 +#define SSL_F_SSL3_SEND_SERVER_HELLO 242 #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 #define SSL_F_SSL3_SETUP_BUFFERS 156 #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 @@ -1747,6 +1752,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_SHORT_READ 219 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 +#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114 #define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 1638c6b525..3723fc2e37 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -294,10 +294,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, i=SSL2_MAX_SSL_SESSION_ID_LENGTH; if (os.length > i) - os.length=i; + os.length = i; + if (os.length > sizeof ret->session_id) /* can't happen */ + os.length = sizeof ret->session_id; ret->session_id_length=os.length; - die(os.length <= sizeof ret->session_id); memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 0cad32c855..7067a745f3 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -67,6 +67,7 @@ static ERR_STRING_DATA SSL_str_functs[]= { {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, +{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"}, {ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"}, {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"}, {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"}, @@ -80,7 +81,9 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"}, {ERR_PACK(0,SSL_F_READ_N,0), "READ_N"}, {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"}, +{ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"}, {ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"}, +{ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"}, {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"}, {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"}, {ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, @@ -92,6 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, {ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, +{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"}, {ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"}, @@ -128,6 +132,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"}, {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"}, +{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"}, {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"}, {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, @@ -355,6 +360,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_SHORT_READ ,"short read"}, {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, +{SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"}, {SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index fe4ac839cf..dd6c7a7323 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -510,7 +510,7 @@ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); int ssl2_enc_init(SSL *s, int client); -void ssl2_generate_key_material(SSL *s); +int ssl2_generate_key_material(SSL *s); void ssl2_enc(SSL *s,int send_data); void ssl2_mac(SSL *s,unsigned char *mac,int send_data); SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 8bfc382bb6..ca1a7427be 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -251,7 +251,12 @@ int ssl_get_new_session(SSL *s, int session) ss->session_id_length=0; } - die(s->sid_ctx_length <= sizeof ss->sid_ctx); + if (s->sid_ctx_length > sizeof ss->sid_ctx) + { + SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); + SSL_SESSION_free(ss); + return 0; + } memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); ss->sid_ctx_length=s->sid_ctx_length; s->session=ss; |