openssl: Fix CVE-2011-0014.
authorPeter Avalos <pavalos@dragonflybsd.org>
Wed, 9 Feb 2011 05:16:20 +0000 (19:16 -1000)
committerPeter Avalos <pavalos@dragonflybsd.org>
Wed, 9 Feb 2011 05:16:20 +0000 (19:16 -1000)
crypto/openssl/ssl/t1_lib.c

index eea5916..99ab190 100644 (file)
@@ -917,6 +917,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                                }
                                        n2s(data, idsize);
                                        dsize -= 2 + idsize;
+                                       size -= 2 + idsize;
                                        if (dsize < 0)
                                                {
                                                *al = SSL_AD_DECODE_ERROR;
@@ -955,9 +956,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                        }
 
                                /* Read in request_extensions */
+                               if (size < 2)
+                                       {
+                                       *al = SSL_AD_DECODE_ERROR;
+                                       return 0;
+                                       }
                                n2s(data,dsize);
                                size -= 2;
-                               if (dsize > size) 
+                               if (dsize != size)
                                        {
                                        *al = SSL_AD_DECODE_ERROR;
                                        return 0;