From fba7b84ca30dc809652e9f35f65e1d55c5b3c6e4 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 7 Nov 2016 15:13:04 +0000 Subject: [PATCH] Swap back to using SSL3_RANDOM_SIZE instead of sizeof(clienthello.random) The size if fixed by the protocol and won't change even if sizeof(clienthello.random) does. Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz --- ssl/statem/statem_srvr.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index b09ed1dbc4..6bd16b879b 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -983,12 +983,16 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } clienthello.session_id_len = session_id_len; - /* Load the client random and compression list. */ - challenge_len = challenge_len > sizeof(clienthello.random) - ? sizeof(clienthello.random) : challenge_len; - memset(clienthello.random, 0, sizeof(clienthello.random)); + /* Load the client random and compression list. We use SSL3_RANDOM_SIZE + * here rather than sizeof(clienthello.random) because that is the limit + * for SSLv3 and it is fixed. It won't change even if + * sizeof(clienthello.random) does. + */ + challenge_len = challenge_len > SSL3_RANDOM_SIZE + ? SSL3_RANDOM_SIZE : challenge_len; + memset(clienthello.random, 0, SSL3_RANDOM_SIZE); if (!PACKET_copy_bytes(&challenge, - clienthello.random + sizeof(clienthello.random) - + clienthello.random + SSL3_RANDOM_SIZE - challenge_len, challenge_len) /* Advertise only null compression. */ || !PACKET_buf_init(&compression, &null_compression, 1)) { -- 2.25.1