From 9b9cb004f755ea2add69f2d9df6468c331fef4f8 Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Sat, 27 Dec 2008 02:09:24 +0000
Subject: Deal with the unlikely event that EVP_MD_CTX_size() returns an error.
 (Coverity ID 140).

---
 ssl/d1_pkt.c  | 6 ++++++
 ssl/ssl.h     | 1 +
 ssl/ssl_err.c | 1 +
 3 files changed, 8 insertions(+)

(limited to 'ssl')

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 9e38cb5bf9..75c2b63f3e 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -428,6 +428,12 @@ printf("\n");
 	if (!clear)
 		{
 		mac_size=EVP_MD_CTX_size(s->read_hash);
+		if (mac_size <= 0)
+			{
+			al=SSL_AD_INTERNAL_ERROR;
+			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_MAC_LENGTH);
+			goto f_err;
+			}
 
 		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
 			{
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 64173af1cc..893eb6ece3 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1996,6 +1996,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_BAD_HELLO_REQUEST				 105
 #define SSL_R_BAD_LENGTH				 271
 #define SSL_R_BAD_MAC_DECODE				 113
+#define SSL_R_BAD_MAC_LENGTH				 333
 #define SSL_R_BAD_MESSAGE_TYPE				 114
 #define SSL_R_BAD_PACKET_LENGTH				 115
 #define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 7879a3194e..c7b36b5e41 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -290,6 +290,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_BAD_HELLO_REQUEST)     ,"bad hello request"},
 {ERR_REASON(SSL_R_BAD_LENGTH)            ,"bad length"},
 {ERR_REASON(SSL_R_BAD_MAC_DECODE)        ,"bad mac decode"},
+{ERR_REASON(SSL_R_BAD_MAC_LENGTH)        ,"bad mac length"},
 {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE)      ,"bad message type"},
 {ERR_REASON(SSL_R_BAD_PACKET_LENGTH)     ,"bad packet length"},
 {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
-- 
cgit v1.2.3