From: Andy Polyakov <appro@openssl.org>
Date: Sun, 23 Oct 2011 22:58:40 +0000 (+0000)
Subject: e_aes.c: prevent potential DoS in aes_gcm_tls_cipher.
X-Git-Tag: OpenSSL-fips-2_0-rc1~5
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=507b0d9d38486dbde08d7dc359d2d6fc904ee624

e_aes.c: prevent potential DoS in aes_gcm_tls_cipher.
---

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index e3bd2b4982..95d7421168 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -940,7 +940,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
 	int rv = -1;
 	/* Encrypt/decrypt must be performed in place */
-	if (out != in)
+	if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN+EVP_GCM_TLS_TAG_LEN))
 		return -1;
 	/* Set IV from start of buffer or generate IV and write to start
 	 * of buffer.