reject zero length point format list or supported curves extensions

[openssl.git] / ssl / ssl_asn1.c

diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index d02c3af53bdb3e0e71c0d3c843fe03f2dcce9b61..38540be1e5380615391037e67a02fe8ae3816641 100644 (file)
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -84,7 +84,6 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <openssl/crypto.h>
 #include "ssl_locl.h"
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
@@ -572,6 +571,19 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                }
        else
                ret->psk_identity_hint=NULL;
+
+       os.length=0;
+       os.data=NULL;
+       M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8);
+       if (os.data)
+               {
+               ret->psk_identity = BUF_strndup((char *)os.data, os.length);
+               OPENSSL_free(os.data);
+               os.data = NULL;
+               os.length = 0;
+               }
+       else
+               ret->psk_identity=NULL;
 #endif /* OPENSSL_NO_PSK */
 
 #ifndef OPENSSL_NO_TLSEXT
@@ -614,7 +626,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 #ifndef OPENSSL_NO_SRP
        os.length=0;
        os.data=NULL;
-       M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
+       M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,12);
        if (os.data)
                {
                ret->srp_username = BUF_strndup((char *)os.data, os.length);