projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Excessive allocation of memory in tls_get_message_header()
[openssl.git] / ssl / statem / statem.c
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index df3008575d19604ad0f3702f7ff489d3ac0d69dd..8bc1febd1074244e64963d4e802ee1329b18dc43 100644 (file)
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -542,6 +542,17 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
                 return SUB_STATE_ERROR;
             }
 
+            /* dtls_get_message already did this */
+            if (!SSL_IS_DTLS(s)
+                    && s->s3->tmp.message_size > 0
+                    && !BUF_MEM_grow_clean(s->init_buf,
+                                           (int)s->s3->tmp.message_size
+                                           + SSL3_HM_HEADER_LENGTH)) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+                SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER, ERR_R_BUF_LIB);
+                return SUB_STATE_ERROR;
+            }
+
             st->read_state = READ_STATE_BODY;
             /* Fall through */
 
Unnamed repository; edit this file 'description' to name the repository.