From: Matt Caswell Date: Tue, 7 Mar 2017 09:58:27 +0000 (+0000) Subject: Fix no-comp X-Git-Tag: OpenSSL_1_1_1-pre1~2088 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=4f7b76bf0f255c0a04eb3e47361a00b19f16120d;p=oweals%2Fopenssl.git Fix no-comp The value of SSL3_RT_MAX_ENCRYPTED_LENGTH normally includes the compression overhead (even if no compression is negotiated for a connection). Except in a build where no-comp is used the value of SSL3_RT_MAX_ENCRYPTED_LENGTH does not include the compression overhead. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2872) --- diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 1e281fc19f..211de55e09 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -349,8 +349,14 @@ int ssl3_get_record(SSL *s) } else { size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH; +#ifndef OPENSSL_NO_COMP + /* + * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH + * does not include the compression overhead anyway. + */ if (s->expand == NULL) len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; +#endif if (thisrr->length > len) { al = SSL_AD_RECORD_OVERFLOW; diff --git a/test/recordlentest.c b/test/recordlentest.c index 6bb1db4053..82ababea3b 100644 --- a/test/recordlentest.c +++ b/test/recordlentest.c @@ -78,7 +78,7 @@ static int fail_due_to_record_overflow(int enc) return 0; } -static int test_record_plain_overflow(int idx) +static int test_record_overflow(int idx) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -111,7 +111,10 @@ static int test_record_plain_overflow(int idx) if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) { - len = SSL3_RT_MAX_ENCRYPTED_LENGTH - SSL3_RT_MAX_COMPRESSED_OVERHEAD; + len = SSL3_RT_MAX_ENCRYPTED_LENGTH; +#ifndef OPENSSL_NO_COMP + len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; +#endif SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION); } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) { @@ -211,7 +214,7 @@ int test_main(int argc, char *argv[]) cert = argv[1]; privkey = argv[2]; - ADD_ALL_TESTS(test_record_plain_overflow, TOTAL_RECORD_OVERFLOW_TESTS); + ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS); testresult = run_tests(argv[0]);