Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl...

author Bernd Edlinger <bernd.edlinger@hotmail.de>

Fri, 24 Mar 2017 12:09:43 +0000 (13:09 +0100)

committer Andy Polyakov <appro@openssl.org>

Sat, 25 Mar 2017 10:17:38 +0000 (11:17 +0100)
author Bernd Edlinger <bernd.edlinger@hotmail.de>
Fri, 24 Mar 2017 12:09:43 +0000 (13:09 +0100)
committer Andy Polyakov <appro@openssl.org>
Sat, 25 Mar 2017 10:17:38 +0000 (11:17 +0100)
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c

index 46c9d033895b873e9206519145aa1c133bcb5918..8422aeee00d6f9197d9b678519b82dc2f4b396fd 100644 (file)
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -825,11 +825,13 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
      case EVP_CTRL_AEAD_TLS1_AAD:
          {
              unsigned char *p = ptr;
-            unsigned int len = p[arg - 2] << 8 | p[arg - 1];
+            unsigned int len;
  
              if (arg != EVP_AEAD_TLS1_AAD_LEN)
                  return -1;
  
+            len = p[arg - 2] << 8 | p[arg - 1];
+
              if (ctx->encrypt) {
                  key->payload_length = len;
                  if ((key->aux.tls_ver =
author	Bernd Edlinger <bernd.edlinger@hotmail.de>
	Fri, 24 Mar 2017 12:09:43 +0000 (13:09 +0100)
committer	Andy Polyakov <appro@openssl.org>
	Sat, 25 Mar 2017 10:17:38 +0000 (11:17 +0100)