diff options
Diffstat (limited to 'freebsd/crypto/openssl/ssl/t1_trce.c')
-rw-r--r-- | freebsd/crypto/openssl/ssl/t1_trce.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/freebsd/crypto/openssl/ssl/t1_trce.c b/freebsd/crypto/openssl/ssl/t1_trce.c index 99028d20..c7cdc294 100644 --- a/freebsd/crypto/openssl/ssl/t1_trce.c +++ b/freebsd/crypto/openssl/ssl/t1_trce.c @@ -6,7 +6,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 2012 The OpenSSL Project. All rights reserved. + * Copyright (c) 2012-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -647,6 +647,8 @@ static int ssl_print_extensions(BIO *bio, int indent, int server, BIO_puts(bio, "No Extensions\n"); return 1; } + if (msglen < 2) + return 0; extslen = (msg[0] << 8) | msg[1]; if (extslen != msglen - 2) return 0; @@ -1023,6 +1025,8 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s, msglen -= xlen + 2; skip_sig: + if (msglen < 2) + return 0; xlen = (msg[0] << 8) | msg[1]; BIO_indent(bio, indent, 80); if (msglen < xlen + 2) @@ -1211,7 +1215,15 @@ void SSL_trace(int write_p, int version, int content_type, switch (content_type) { case SSL3_RT_HEADER: { - int hvers = msg[1] << 8 | msg[2]; + int hvers; + + /* avoid overlapping with length at the end of buffer */ + if (msglen < (SSL_IS_DTLS(ssl) ? 13 : 5)) { + BIO_puts(bio, write_p ? "Sent" : "Received"); + ssl_print_hex(bio, 0, " too short message", msg, msglen); + break; + } + hvers = msg[1] << 8 | msg[2]; BIO_puts(bio, write_p ? "Sent" : "Received"); BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n", ssl_trace_str(hvers, ssl_version_tbl), hvers); |