SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err;
}
- if ((i+p) > (d+n))
+ if ((p+i) >= (d+n))
{
/* not enough data */
al=SSL_AD_DECODE_ERROR;
/* compression */
i= *(p++);
+ if ((p+i) > (d+n))
+ {
+ /* not enough data */
+ al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
q=p;
for (j=0; j<i; j++)
{
/* TLS does not mind if there is extra stuff */
if (s->version == SSL3_VERSION)
{
- if (p > (d+n))
+ if (p < (d+n))
{
/* wrong number of bytes,
* there could be more to follow */
krb5_timestamp authtime = 0;
krb5_ticket_times ttimes;
+ EVP_CIPHER_CTX_init(&ciph_ctx);
+
if (!kssl_ctx) kssl_ctx = kssl_ctx_new();
n2s(p,i);