projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
[openssl.git] / ssl / t1_enc.c
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 201ca9ad6de20299a52870bf85257357fb1ae43b..f7bdeb3b9dbac573ff9539dc8638aab45b8df432 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -889,6 +889,8 @@ int tls1_enc(SSL *s, int send)
                        if (s->version >= TLS1_1_VERSION
                                && EVP_CIPHER_CTX_mode(ds) == EVP_CIPH_CBC_MODE)
                                {
+                               if (bs > (int)rec->length)
+                                       return -1;
                                rec->data += bs;    /* skip the explicit IV */
                                rec->input += bs;
                                rec->length -= bs;
Unnamed repository; edit this file 'description' to name the repository.