From: Bodo Möller Date: Thu, 3 Feb 2011 12:04:48 +0000 (+0000) Subject: Assorted bugfixes: X-Git-Tag: OpenSSL_0_9_8r~1 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9d09fc8485479a38c37a1de1378a0ded22492f7e;p=oweals%2Fopenssl.git Assorted bugfixes: - RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Neel Mehta, Bodo Moeller) --- diff --git a/crypto/comp/c_rle.c b/crypto/comp/c_rle.c index efd366fa22..18bceae51e 100644 --- a/crypto/comp/c_rle.c +++ b/crypto/comp/c_rle.c @@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, { int i; - if (olen < (ilen-1)) + if (ilen == 0 || olen < (ilen-1)) { /* ZZZZZZZZZZZZZZZZZZZZZZ */ return(-1); @@ -59,4 +59,3 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, } return(ilen-1); } - diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index eeffe25492..c87d84499e 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s) p+=3; n2s(p,i); s->s2->tmp.clear=i; n2s(p,i); s->s2->tmp.enc=i; - n2s(p,i); s->session->key_arg_length=i; - if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) + n2s(p,i); + if(i > SSL_MAX_KEY_ARG_LENGTH) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG); return -1; } + s->session->key_arg_length=i; s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; }