Fix small OOB reads.
author Dr. Stephen Henson <steve@openssl.org>
Sat, 17 Sep 2016 11:36:58 +0000 (12:36 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 21 Sep 2016 13:14:36 +0000 (14:14 +0100)
commit 52e623c4cb06fffa9d5e75c60b34b4bc130b12e9
tree 677d04bd6f5b394b39205825a4055f2a931d1020
parent 515a0105652a1b84d712b4d162cf859c02bf5450
Fix small OOB reads.

In ssl3_get_client_certificate, ssl3_get_server_certificate and
ssl3_get_certificate_request check we have enough room
before reading a length.

Thanks to Shi Lei (Gear Team, Qihoo 360 Inc.) for reporting these bugs.

CVE-2016-6306

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit ff553f837172ecb2b5c8eca257ec3c5619a4b299)
ssl/s3_clnt.c
ssl/s3_srvr.c
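
The check the commit message describes, as an added example that is not OpenSSL's code and not the patch itself: a parser for a TLS-style certificate list that confirms enough bytes remain before each 3-byte length field is read, and again before the payload is skipped. The names rd24 and count_certs and the sample bytes are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a 24-bit big-endian length; the caller must already know 3 bytes exist. */
static size_t rd24(const uint8_t *p) {
    return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | (size_t)p[2];
}

/*
 * Hypothetical parser (not OpenSSL code) for a certificate list body:
 *   uint24 list_len, then repeated { uint24 cert_len; opaque cert[cert_len]; }
 * Returns the number of entries, or -1 if a length field or a payload
 * would extend past the msg_len bytes actually received.
 */
int count_certs(const uint8_t *msg, size_t msg_len) {
    size_t off, list_len;
    int n = 0;

    if (msg_len < 3)                    /* room for the list length itself? */
        return -1;
    list_len = rd24(msg);
    off = 3;
    if (list_len != msg_len - off)      /* list must fill the message exactly */
        return -1;

    while (off < msg_len) {
        size_t cert_len;
        if (msg_len - off < 3)          /* room for this entry's length field? */
            return -1;                  /* without this, rd24 reads out of bounds */
        cert_len = rd24(msg + off);
        off += 3;
        if (cert_len > msg_len - off)   /* room for the payload? */
            return -1;
        off += cert_len;                /* cannot overflow: bounded by msg_len */
        n++;
    }
    return n;
}

int main(void) {
    /* Constructed input: list claims 2 bytes, too few to hold a 3-byte length. */
    const uint8_t truncated[] = { 0x00, 0x00, 0x02, 0x00, 0x00 };
    printf("truncated -> %d\n", count_certs(truncated, sizeof truncated));
    return 0;
}
```

The comparisons are written as `msg_len - off < 3` and `cert_len > msg_len - off` rather than `off + 3 > msg_len`, so an attacker-chosen length cannot wrap the arithmetic.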