projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 98ecf60)
RT3301: Discard too-long heartbeat requests
authorErik Auerswald <auerswal@unix-ag.uni-kl.de>
Wed, 27 Aug 2014 02:50:34 +0000 (22:50 -0400)
committerRich Salz <rsalz@openssl.org>
Mon, 8 Sep 2014 15:22:35 +0000 (11:22 -0400)
Reviewed-by: Tim Hudson <tjh@openssl.org>
ssl/d1_both.c patch | blob | history

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 33d0ae3ce491a3ccdd2dcead7f6bedcbdb373e65..f2ff94300135ea1b3e405c0712dbdf28513a14d5 100644 (file)
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1363,6 +1363,9 @@ dtls1_process_heartbeat(SSL *s)
        /* Read type and payload length first */
        if (1 + 2 + 16 > s->s3->rrec.length)
                return 0; /* silently discard */
+       if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH)
+               return 0; /* silently discard per RFC 6520 sec. 4 */
+
        hbtype = *p++;
        n2s(p, payload);
        if (1 + 2 + payload + 16 > s->s3->rrec.length)
Unnamed repository; edit this file 'description' to name the repository.