OpenSSL Security Advisory [30 July 2002]
[openssl.git] / ssl / s3_clnt.c
index bd9ce5db55a3d8a310736e679d1d48fc3987638c..2699b5863b60149ba66106c0c742a22ec1c0c370 100644 (file)
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
@@ -545,6 +546,7 @@ static int ssl3_client_hello(SSL *s)
                *(p++)=i;
                if (i != 0)
                        {
+                       die(i <= sizeof s->session->session_id);
                        memcpy(p,s->session->session_id,i);
                        p+=i;
                        }
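Review bot: The added `die(i <= sizeof s->session->session_id);` protects the `memcpy` only by terminating, assuming `die()` from the newly included `cryptlib.h` aborts when its argument is false. In a library, that turns an inconsistent session-id length into a crash of the whole calling application instead of a failed handshake. An ordinary error return would be preferable, for example `if (i > sizeof s->session->session_id) { SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto err; }`, provided the function has a suitable error label. The body of ssl3_client_hello starts and ends outside the hunk, so this needs checking against the full function.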
@@ -626,6 +628,14 @@ static int ssl3_get_server_hello(SSL *s)
        /* get the session-id */
        j= *(p++);
 
+       if(j > sizeof s->session->session_id)
+               {
+               al=SSL_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+                      SSL_R_SSL3_SESSION_ID_TOO_LONG);
+               goto f_err;
+               }
+
        if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
                {
                /* SSLref returns 16 :-( */
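Review bot: The new `if(j > sizeof s->session->session_id)` test bounds the peer-supplied length against the destination array, but nothing visible in this hunk checks that `j` bytes actually remain in the received message before the session id is read from `p`. If no such check exists elsewhere in ssl3_get_server_hello, a truncated ServerHello could still cause a read past the end of the message, so the same `f_err` path should also reject a `j` larger than the bytes left. A short comment would help too, such as `/* j is taken straight from the peer: bound it before any copy into session_id */`. The function body starts and ends outside the hunk.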
@@ -1588,6 +1598,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                SSL_MAX_MASTER_KEY_LENGTH);
                        EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
                        outl += padl;
+                       die(outl <= sizeof epms);
                        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
                        /*  KerberosWrapper.EncryptedPreMasterSecret    */
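Review bot: `die(outl <= sizeof epms);` runs only after `EVP_EncryptFinal_ex` has already written into `&(epms[outl])`, so it detects an overrun of `epms` rather than preventing one. If the encrypted output exceeds the buffer, the memory after it is already overwritten by the time the assertion fires. The bound should be established before the encrypt calls, by confirming that `epms` can hold the plaintext length plus one cipher block of padding, and handled as a normal error return. The declaration of `epms` and the start of the encrypt sequence are outside the hunk, so the current buffer size cannot be confirmed from here.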