From: Richard Levitte <levitte@openssl.org>
Date: Fri, 15 Nov 2002 09:15:55 +0000 (+0000)
Subject: We need to read one more byte of the REQUEST-CERTIFICATE message.
X-Git-Tag: OpenSSL_0_9_7-beta4~18^2~14
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=0a5942093e06f60f0fa683505ee3693a4fdea070;p=oweals%2Fopenssl.git

We need to read one more byte of the REQUEST-CERTIFICATE message.
PR: 300
---

diff --git a/CHANGES b/CHANGES
index 09509abd4b..cf1bc8d785 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2082,6 +2082,10 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
  Changes between 0.9.6g and 0.9.6h  [xx XXX xxxx]
 
+  *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+     length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+     [Zeev Lieber <zeev-l@yahoo.com>]
+
   *) Change the default configuration reader to deal with last line not
      being properly terminated.
      [Richard Levitte]
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 681bfad8f7..da783230a5 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -770,8 +770,8 @@ static int client_certificate(SSL *s)
 	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
 		{
 		i=ssl2_read(s,(char *)&(buf[s->init_num]),
-			SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
-		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+			SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
+		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
 			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
 		s->init_num += i;
 		if (s->msg_callback)