X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_pkt.c;h=243992542b0abd129c2ebaa56e690dbdabee5cac;hp=ad9dc5154abf7d44fbce2a64340203c0823009cf;hb=0b33bed9696ffda5f56eb7ebb5765204df6df978;hpb=971a7c5ff751d95bf33117e95a6acf2cfc951537 diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index ad9dc5154a..243992542b 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -110,6 +110,7 @@ */ #include +#include #include #define USE_SOCKETS #include "ssl_locl.h" @@ -644,6 +645,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) int i; s->rwstate=SSL_NOTHING; + OPENSSL_assert(s->s3->wnum <= INT_MAX); tot=s->s3->wnum; s->s3->wnum=0; @@ -667,7 +669,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * buffer ... so we trap and report the error in a way the user * will notice */ - if ( len < tot) + if (len < tot) { SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH); return(-1); @@ -695,7 +697,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * compromise is considered worthy. */ if (type==SSL3_RT_APPLICATION_DATA && - len >= 4*(max_send_fragment=s->max_send_fragment) && + len >= 4*(int)(max_send_fragment=s->max_send_fragment) && s->compress==NULL && s->msg_callback==NULL && !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && EVP_CIPHER_flags(s->enc_write_ctx->cipher)&EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) @@ -716,7 +718,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE, max_send_fragment,NULL); - if (len>=8*max_send_fragment) packlen *= 8; + if (len>=8*(int)max_send_fragment) packlen *= 8; else packlen *= 4; wb->buf=OPENSSL_malloc(packlen); @@ -768,7 +770,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, sizeof(mb_param),&mb_param); - if (packlen<=0 || packlen>wb->len) /* never happens */ + if (packlen<=0 || packlen>(int)wb->len) /* never happens */ { OPENSSL_free(wb->buf); /* free jumbo buffer */ wb->buf = NULL; @@ -880,9 +882,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, SSL3_BUFFER *wb=&(s->s3->wbuf); SSL_SESSION *sess; - if (wb->buf == NULL) - if (!ssl3_setup_write_buffer(s)) - return -1; /* first check if there is a SSL3_BUFFER still being written * out. This will happen with non blocking IO */ @@ -898,6 +897,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* if it went, fall through and send more stuff */ } + if (wb->buf == NULL) + if (!ssl3_setup_write_buffer(s)) + return -1; + if (len == 0 && !create_empty_fragment) return 0; @@ -1244,7 +1247,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (!ssl3_setup_read_buffer(s)) return(-1); - if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || + if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); @@ -1592,6 +1595,15 @@ start: goto f_err; } + if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); + goto f_err; + } + + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + rr->length=0; if (s->msg_callback) @@ -1726,7 +1738,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);