Prepare for 1.0.2v-dev
[openssl.git] / ssl / s3_both.c
index 26a24a20f3a914c124cb14b56e32b066a450ac8d..054ded1c99039bbc76cf4d5632fcc2d2aa08aaf4 100644 (file)
@@ -417,9 +417,13 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
             SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
             goto f_err;
         }
+        /*
+         * Make buffer slightly larger than message length as a precaution
+         * against small OOB reads e.g. CVE-2016-6306
+         */
         if (l
             && !BUF_MEM_grow_clean(s->init_buf,
-                                   (int)l + SSL3_HM_HEADER_LENGTH)) {
+                                   (int)l + SSL3_HM_HEADER_LENGTH + 16)) {
             SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
             goto err;
         }
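Review bot: The bare `+ 16` in the BUF_MEM_grow_clean() length argument is a magic number with no stated reason for its size; a named constant defined beside SSL3_HM_HEADER_LENGTH (for example `#define SSL3_HM_OOB_SLACK 16`, the name is only a suggestion) would make the padding easy to find and audit. The added comment should also say that the slack is defence in depth only: handshake parsers must still bound every read by the received message length, because a read that lands in the slack bytes is still an out-of-bounds read of the message. The sum is formed after the `(int)l` cast, so it depends on the preceding size check keeping `l` far enough below INT_MAX to leave room for the extra 20 bytes. That bound comes from `max`, which is supplied by callers outside this hunk, so it should be confirmed. ssl3_get_message() starts and ends outside the hunk.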