projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
[openssl.git]
/
ssl
/
t1_enc.c
diff --git
a/ssl/t1_enc.c
b/ssl/t1_enc.c
index 201ca9ad6de20299a52870bf85257357fb1ae43b..f7bdeb3b9dbac573ff9539dc8638aab45b8df432 100644
(file)
--- a/
ssl/t1_enc.c
+++ b/
ssl/t1_enc.c
@@
-889,6
+889,8
@@
int tls1_enc(SSL *s, int send)
if (s->version >= TLS1_1_VERSION
&& EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE)
{
+ if (bs > (int)rec->length)
+ return -1;
rec->data += bs; /* skip the explicit IV */
rec->input += bs;
rec->length -= bs;