From: Matt Caswell Date: Mon, 7 Nov 2016 15:13:04 +0000 (+0000) Subject: Swap back to using SSL3_RANDOM_SIZE instead of sizeof(clienthello.random) X-Git-Tag: OpenSSL_1_1_1-pre1~3145 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=fba7b84ca30dc809652e9f35f65e1d55c5b3c6e4;p=oweals%2Fopenssl.git Swap back to using SSL3_RANDOM_SIZE instead of sizeof(clienthello.random) The size if fixed by the protocol and won't change even if sizeof(clienthello.random) does. Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz --- diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index b09ed1dbc4..6bd16b879b 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -983,12 +983,16 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } clienthello.session_id_len = session_id_len; - /* Load the client random and compression list. */ - challenge_len = challenge_len > sizeof(clienthello.random) - ? sizeof(clienthello.random) : challenge_len; - memset(clienthello.random, 0, sizeof(clienthello.random)); + /* Load the client random and compression list. We use SSL3_RANDOM_SIZE + * here rather than sizeof(clienthello.random) because that is the limit + * for SSLv3 and it is fixed. It won't change even if + * sizeof(clienthello.random) does. + */ + challenge_len = challenge_len > SSL3_RANDOM_SIZE + ? SSL3_RANDOM_SIZE : challenge_len; + memset(clienthello.random, 0, SSL3_RANDOM_SIZE); if (!PACKET_copy_bytes(&challenge, - clienthello.random + sizeof(clienthello.random) - + clienthello.random + SSL3_RANDOM_SIZE - challenge_len, challenge_len) /* Advertise only null compression. */ || !PACKET_buf_init(&compression, &null_compression, 1)) {