From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri, 24 Mar 2017 08:03:54 +0000 (+0100)
Subject: Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl... 
X-Git-Tag: OpenSSL_1_1_1-pre1~1951
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=1b6f5a4d3b8cdb02e0bba6878a2b70c850522440;p=oweals%2Fopenssl.git

Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3023)
---

diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 4830c00648..bef603a3a5 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -777,11 +777,13 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
     case EVP_CTRL_AEAD_TLS1_AAD:
         {
             unsigned char *p = ptr;
-            unsigned int len = p[arg - 2] << 8 | p[arg - 1];
+            unsigned int len;
 
             if (arg != EVP_AEAD_TLS1_AAD_LEN)
                 return -1;
 
+            len = p[arg - 2] << 8 | p[arg - 1];
+
             if (EVP_CIPHER_CTX_encrypting(ctx)) {
                 key->payload_length = len;
                 if ((key->aux.tls_ver =