projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Don't crash when processing a zero-length, TLS >= 1.1 record.
[openssl.git] / ssl / s3_pkt.c
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 0d27f514af206c0d633804d8f91b66199d463872..e658edbb1dc1a6c2c2aa5899f46eacdc692ea280 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -352,8 +352,13 @@ again:
 
        /* decrypt in place in 'rr->input' */
        rr->data=rr->input;
+       rr->orig_len=rr->length;
 
        enc_err = s->method->ssl3_enc->enc(s,0);
+       /* enc_err is:
+        *    0: (in non-constant time) if the record is publically invalid.
+        *    1: if the padding is valid
+        *    -1: if the padding is invalid */
        if (enc_err == 0)
                {
                /* SSLerr() and ssl3_send_alert() have been called */
Unnamed repository; edit this file 'description' to name the repository.