diff options
Diffstat (limited to 'freebsd/crypto/openssl/ssl/s3_srvr.c')
| -rw-r--r-- | freebsd/crypto/openssl/ssl/s3_srvr.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/freebsd/crypto/openssl/ssl/s3_srvr.c b/freebsd/crypto/openssl/ssl/s3_srvr.c index 40524d99..5916d77d 100644 --- a/freebsd/crypto/openssl/ssl/s3_srvr.c +++ b/freebsd/crypto/openssl/ssl/s3_srvr.c @@ -58,7 +58,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1961,11 +1961,12 @@ int ssl3_send_server_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK if (type & SSL_kPSK) { + size_t len = strlen(s->ctx->psk_identity_hint); + /* copy PSK identity hint */ - s2n(strlen(s->ctx->psk_identity_hint), p); - strncpy((char *)p, s->ctx->psk_identity_hint, - strlen(s->ctx->psk_identity_hint)); - p += strlen(s->ctx->psk_identity_hint); + s2n(len, p); + memcpy(p, s->ctx->psk_identity_hint, len); + p += len; } #endif @@ -2092,6 +2093,11 @@ int ssl3_send_certificate_request(SSL *s) if (SSL_USE_SIGALGS(s)) { const unsigned char *psigs; nl = tls12_get_psigalgs(s, 1, &psigs); + if (nl > SSL_MAX_2_BYTE_LEN) { + SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, + SSL_R_LENGTH_TOO_LONG); + goto err; + } s2n(nl, p); memcpy(p, psigs, nl); p += nl; @@ -2108,6 +2114,11 @@ int ssl3_send_certificate_request(SSL *s) for (i = 0; i < sk_X509_NAME_num(sk); i++) { name = sk_X509_NAME_value(sk, i); j = i2d_X509_NAME(name, NULL); + if (j > SSL_MAX_2_BYTE_LEN) { + SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, + SSL_R_LENGTH_TOO_LONG); + goto err; + } if (!BUF_MEM_grow_clean (buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) { SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, @@ -2129,6 +2140,11 @@ int ssl3_send_certificate_request(SSL *s) n += j; nl += j; } + if (nl > SSL_MAX_2_BYTE_LEN) { + SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, + SSL_R_LENGTH_TOO_LONG); + goto err; + } } } /* else no CA names */ |