Make sure a bad parameter to RSA_verify_PKCS1_PSS() doesn't lead to a crash.

[openssl.git] / ssl / s3_pkt.c

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index b4a1629853afbe9eb9a6959800ec95893dd968f7..330918a78aabfde2e893cf96c30f6a262d2fceae 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -238,11 +238,9 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
                if (i <= 0)
                        {
                        rb->left = left;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
-                       if (len+left == 0 &&
-                           (s->mode & SSL_MODE_RELEASE_BUFFERS))
-                               ssl3_release_read_buffer(s);
-#endif
+                       if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+                               if (len+left == 0)
+                                       ssl3_release_read_buffer(s);
                        return(i);
                        }
                left+=i;
@@ -414,6 +412,7 @@ printf("\n");
 
        if (!clear)
                {
+               /* !clear => s->read_hash != NULL => mac_size != -1 */
                mac_size=EVP_MD_CTX_size(s->read_hash);
 
                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
@@ -825,15 +824,20 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
                        {
                        wb->left=0;
                        wb->offset+=i;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
                        if (s->mode & SSL_MODE_RELEASE_BUFFERS)
                                ssl3_release_write_buffer(s);
-#endif
                        s->rwstate=SSL_NOTHING;
                        return(s->s3->wpend_ret);
                        }
-               else if (i <= 0)
+               else if (i <= 0) {
+                       if (s->version == DTLS1_VERSION) {
+                               /* For DTLS, just drop it. That's kind of the wh
+ole
+                                  point in using a datagram service */
+                               wb->left = 0;
+                       }
                        return(i);
+               }
                wb->offset+=i;
                wb->left-=i;
                }
@@ -983,10 +987,8 @@ start:
                                {
                                s->rstate=SSL_ST_READ_HEADER;
                                rr->off=0;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
-                               if ((s->mode & SSL_MODE_RELEASE_BUFFERS))
+                               if (s->mode & SSL_MODE_RELEASE_BUFFERS)
                                        ssl3_release_read_buffer(s);
-#endif
                                }
                        }
                return(n);
@@ -1308,6 +1310,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
        if (s->s3->tmp.key_block == NULL)
                {
+               if (s->session == NULL) 
+                       {
+                       /* might happen if dtls1_read_bytes() calls this */
+                       SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+                       return (0);
+                       }
+
                s->session->cipher=s->s3->tmp.new_cipher;
                if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
                }