summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ssl/s23_clnt.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index cc6c527f19..0912528f89 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -368,6 +368,10 @@ static int ssl23_client_hello(SSL *s)
ch_len=SSL2_MAX_CHALLENGE_LENGTH;
/* write out sslv2 challenge */
+ /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
+ because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
+ or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
+ check in for futurproofing */
if (SSL3_RANDOM_SIZE < ch_len)
i=SSL3_RANDOM_SIZE;
else
@@ -544,6 +548,10 @@ static int ssl23_get_server_hello(SSL *s)
ch_len=SSL2_MAX_CHALLENGE_LENGTH;
/* write out sslv2 challenge */
+ /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
+ it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
+ SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
+ futurproofing */
i=(SSL3_RANDOM_SIZE < ch_len)
?SSL3_RANDOM_SIZE:ch_len;
s->s2->challenge_length=i;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 01:50:28 +0000