X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_pkt.c;h=8fedf5a80d7c64e4815dd1706f9cf7c039abaedb;hp=f02e3c80d0d7319e5828b965ed25b3183a6decde;hb=7a04b854d655785798d471df25ffd5036f3cc46b;hpb=50cc4f7b3d64621b6062ad1f16a7630b7c730d9b diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index f02e3c80d0..8fedf5a80d 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -110,6 +110,7 @@ */ #include +#include #include #define USE_SOCKETS #include "ssl_locl.h" @@ -573,7 +574,7 @@ printf("\n"); if (empty_record_count > MAX_EMPTY_RECORDS) { al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_TOO_MANY_EMPTY_FRAGMENTS); + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL); goto f_err; } goto again; @@ -642,6 +643,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) #endif SSL3_BUFFER *wb=&(s->s3->wbuf); int i; + unsigned int u_len = (unsigned int)len; + + if (len < 0) + { + SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_NEGATIVE_LENGTH); + return -1; + } s->rwstate=SSL_NOTHING; OPENSSL_assert(s->s3->wnum <= INT_MAX); @@ -696,7 +704,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * compromise is considered worthy. */ if (type==SSL3_RT_APPLICATION_DATA && - len >= 4*(int)(max_send_fragment=s->max_send_fragment) && + u_len >= 4*(max_send_fragment=s->max_send_fragment) && s->compress==NULL && s->msg_callback==NULL && !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && EVP_CIPHER_flags(s->enc_write_ctx->cipher)&EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) @@ -706,7 +714,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) int packlen; /* minimize address aliasing conflicts */ - if ((max_send_fragment&0xffff) == 0) + if ((max_send_fragment&0xfff) == 0) max_send_fragment -= 512; if (tot==0 || wb->buf==NULL) /* allocate jumbo buffer */ @@ -717,7 +725,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE, max_send_fragment,NULL); - if (len>=8*(int)max_send_fragment) packlen *= 8; + if (u_len >= 8*max_send_fragment) packlen *= 8; else packlen *= 4; wb->buf=OPENSSL_malloc(packlen); @@ -1110,8 +1118,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, wr->length += eivlen; } - /* ssl3_enc can only have an error on read */ - s->method->ssl3_enc->enc(s,1); + if(s->method->ssl3_enc->enc(s,1)<1) goto err; if (SSL_USE_ETM(s) && mac_size != 0) { @@ -1246,7 +1253,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (!ssl3_setup_read_buffer(s)) return(-1); - if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || + if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); @@ -1785,7 +1792,7 @@ int ssl3_send_alert(SSL *s, int level, int desc) desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ if (desc < 0) return -1; /* If a fatal one, remove from cache */ - if ((level == 2) && (s->session != NULL)) + if ((level == SSL3_AL_FATAL) && (s->session != NULL)) SSL_CTX_remove_session(s->ctx,s->session); s->s3->alert_dispatch=1;