projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e3dd33c) | patch
Add length sanity check in SSLv2 n_do_ssl_write()
authorMatt Caswell <matt@openssl.org>
Wed, 29 Apr 2015 15:15:40 +0000 (16:15 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 29 Apr 2015 16:44:02 +0000 (17:44 +0100)
commit80a06268ae329a1d7e01292029f9ae3af172b4b8
treee8199d3e5b497cc41afdd4f2c36dc61f33d2b061tree | snapshot
parente3dd33c25c885ab3bfe707d87ddb12f845d77032commit | diff
Add length sanity check in SSLv2 n_do_ssl_write()

Fortify flagged up a problem in n_do_ssl_write() in SSLv2. Analysing the
code I do not believe there is a real problem here. However the logic flows
are complicated enough that a sanity check of |len| is probably worthwhile.

Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c5f8cd7bc661f90dc012c9d2bae1808a4281985f)
ssl/s2_pkt.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.