OpenSSL Security Advisory [30 July 2002]

[openssl.git] / ssl / s2_srvr.c

diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index dfac68095bfd48083212f29defcbf0171c2182a7..391287bfcd2b05b76747c170e48a0ee4d74cb5d2 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -116,6 +116,7 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include "cryptlib.h"
 
 static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
@@ -159,7 +160,7 @@ int ssl2_accept(SSL *s)
        BUF_MEM *buf=NULL;
        int ret= -1;
        long num1;
-       void (*cb)()=NULL;
+       void (*cb)(const SSL *ssl,int type,int val)=NULL;
        int new_state,state;
 
        RAND_add(&l,sizeof(l),0);
@@ -417,11 +418,18 @@ static int get_client_master_key(SSL *s)
                n2s(p,i); s->s2->tmp.clear=i;
                n2s(p,i); s->s2->tmp.enc=i;
                n2s(p,i); s->session->key_arg_length=i;
+               if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+                       {
+                       SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+                                  SSL_R_KEY_ARG_TOO_LONG);
+                       return -1;
+                       }
                s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
                }
 
        /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
        p=(unsigned char *)s->init_buf->data;
+       die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
        keya=s->session->key_arg_length;
        len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
        if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
@@ -472,8 +480,8 @@ static int get_client_master_key(SSL *s)
         * random master secret (Bleichenbacher attack) */
        if ((i < 0) ||
                ((!is_export && (i != EVP_CIPHER_key_length(c)))
-               || (is_export && ((i != ek) || ((int)s->s2->tmp.clear+i !=
-                       EVP_CIPHER_key_length(c))))))
+               || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+                       (unsigned int)EVP_CIPHER_key_length(c))))))
                {
                ERR_clear_error();
                if (is_export)
@@ -504,6 +512,7 @@ static int get_client_master_key(SSL *s)
 #endif
 
        if (is_export) i+=s->s2->tmp.clear;
+       die(i <= SSL_MAX_MASTER_KEY_LENGTH);
        s->session->master_key_length=i;
        memcpy(s->session->master_key,p,(unsigned int)i);
        return(1);
@@ -670,6 +679,7 @@ static int get_client_hello(SSL *s)
        p+=s->s2->tmp.session_id_length;
 
        /* challenge */
+       die(s->s2->challenge_length <= sizeof s->s2->challenge);
        memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
        return(1);
 mem_err:
@@ -826,6 +836,7 @@ static int get_client_finished(SSL *s)
                }
 
        /* SSL2_ST_GET_CLIENT_FINISHED_B */
+       die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
        len = 1 + (unsigned long)s->s2->conn_id_length;
        n = (int)len - s->init_num;
        i = ssl2_read(s,(char *)&(p[s->init_num]),n);
@@ -853,6 +864,7 @@ static int server_verify(SSL *s)
                {
                p=(unsigned char *)s->init_buf->data;
                *(p++)=SSL2_MT_SERVER_VERIFY;
+               die(s->s2->challenge_length <= sizeof s->s2->challenge);
                memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
                /* p+=s->s2->challenge_length; */
 
@@ -872,6 +884,8 @@ static int server_finish(SSL *s)
                p=(unsigned char *)s->init_buf->data;
                *(p++)=SSL2_MT_SERVER_FINISHED;
 
+               die(s->session->session_id_length
+                   <= sizeof s->session->session_id);
                memcpy(p,s->session->session_id,
                        (unsigned int)s->session->session_id_length);
                /* p+=s->session->session_id_length; */