aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl/s3_srvr.c
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2002-07-30 12:44:15 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-07-30 12:44:15 +0000
commitc1803d783676ddc1f7655e0a58c00f35ec8c4f45 (patch)
treea6133c35ab337984fbbd26293f8b1ad7a958132b /crypto/openssl/ssl/s3_srvr.c
parenta21b1b381ecca3813b44ac652d05a5133d3f4e2b (diff)
downloadsrc-c1803d783676ddc1f7655e0a58c00f35ec8c4f45.tar.gz
src-c1803d783676ddc1f7655e0a58c00f35ec8c4f45.zip
Import of OpenSSL 0.9.6d.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=100928
Diffstat (limited to 'crypto/openssl/ssl/s3_srvr.c')
-rw-r--r--crypto/openssl/ssl/s3_srvr.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index 0280bb92f76a..2319737fed05 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -167,7 +167,6 @@ int ssl3_accept(SSL *s)
long num1;
int ret= -1;
int new_state,state,skip=0;
- int got_new_session=0;
RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
@@ -280,7 +279,7 @@ int ssl3_accept(SSL *s)
s->shutdown=0;
ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end;
- got_new_session=1;
+ s->new_session = 2;
s->state=SSL3_ST_SW_SRVR_HELLO_A;
s->init_num=0;
break;
@@ -513,7 +512,7 @@ int ssl3_accept(SSL *s)
s->init_num=0;
- if (got_new_session) /* skipped if we just sent a HelloRequest */
+ if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
{
/* actually not necessarily a 'new' session */
@@ -712,7 +711,7 @@ static int ssl3_get_client_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err;
}
- if ((i+p) > (d+n))
+ if ((p+i) >= (d+n))
{
/* not enough data */
al=SSL_AD_DECODE_ERROR;
@@ -769,6 +768,13 @@ static int ssl3_get_client_hello(SSL *s)
/* compression */
i= *(p++);
+ if ((p+i) > (d+n))
+ {
+ /* not enough data */
+ al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
q=p;
for (j=0; j<i; j++)
{
@@ -816,7 +822,7 @@ static int ssl3_get_client_hello(SSL *s)
/* TLS does not mind if there is extra stuff */
if (s->version == SSL3_VERSION)
{
- if (p > (d+n))
+ if (p < (d+n))
{
/* wrong number of bytes,
* there could be more to follow */