projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(from parent 1:
2ee1271
)
Check key_exchange data length is not 0
author
Matt Caswell
<matt@openssl.org>
Fri, 4 Nov 2016 09:49:16 +0000
(09:49 +0000)
committer
Matt Caswell
<matt@openssl.org>
Wed, 16 Nov 2016 10:09:46 +0000
(10:09 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
ssl/t1_lib.c
patch
|
blob
|
history
diff --git
a/ssl/t1_lib.c
b/ssl/t1_lib.c
index 2dbaa9ffb44be847561a453005a0f04e0c475352..6474c6dbc2ad352e22faf5dadf32e32cc78101fc 100644
(file)
--- a/
ssl/t1_lib.c
+++ b/
ssl/t1_lib.c
@@
-2754,7
+2754,8
@@
static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
skey = ssl_generate_pkey(ckey);
- if (!PACKET_as_length_prefixed_2(&spkt, &encoded_pt)) {
+ if (!PACKET_as_length_prefixed_2(&spkt, &encoded_pt)
+ || PACKET_remaining(&encoded_pt) == 0) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT,
SSL_R_LENGTH_MISMATCH);
projects / openssl.git / commitdiff