author | Misaki Miyashita <Misaki.Miyashita@Oracle.COM> |
Fri, 17 Jun 2016 14:00:04 -0700 | |
changeset 6247 | af889a8e1145 |
permissions | -rw-r--r-- |
6247
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
1 |
# The patch is based on the following commit from the upstream: |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
2 |
# https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7 |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
3 |
# The fix is patched until the new version becomes available |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
4 |
# from the upstream. |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
5 |
--- a/ssl/s3_srvr.c |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
6 |
+++ b/ssl/s3_srvr.c |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
7 |
@@ -989,7 +989,7 @@ int ssl3_get_client_hello(SSL *s) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
8 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
9 |
session_length = *(p + SSL3_RANDOM_SIZE); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
10 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
11 |
- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
12 |
+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
13 |
al = SSL_AD_DECODE_ERROR; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
14 |
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
15 |
goto f_err; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
16 |
@@ -1007,7 +1007,7 @@ int ssl3_get_client_hello(SSL *s) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
17 |
/* get the session-id */ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
18 |
j = *(p++); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
19 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
20 |
- if (p + j > d + n) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
21 |
+ if ((d + n) - p < j) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
22 |
al = SSL_AD_DECODE_ERROR; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
23 |
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
24 |
goto f_err; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
25 |
@@ -1063,14 +1063,14 @@ int ssl3_get_client_hello(SSL *s) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
26 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
27 |
if (SSL_IS_DTLS(s)) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
28 |
/* cookie stuff */ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
29 |
- if (p + 1 > d + n) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
30 |
+ if ((d + n) - p < 1) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
31 |
al = SSL_AD_DECODE_ERROR; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
32 |
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
33 |
goto f_err; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
34 |
} |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
35 |
cookie_len = *(p++); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
36 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
37 |
- if (p + cookie_len > d + n) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
38 |
+ if ((d + n ) - p < cookie_len) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
39 |
al = SSL_AD_DECODE_ERROR; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
40 |
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
41 |
goto f_err; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
42 |
@@ -1140,7 +1140,7 @@ int ssl3_get_client_hello(SSL *s) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
43 |
} |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
44 |
} |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
45 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
46 |
- if (p + 2 > d + n) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
47 |
+ if ((d + n ) - p < 2) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
48 |
al = SSL_AD_DECODE_ERROR; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
49 |
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
50 |
goto f_err; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
51 |
@@ -1154,7 +1154,7 @@ int ssl3_get_client_hello(SSL *s) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
52 |
} |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
53 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
54 |
/* i bytes of cipher data + 1 byte for compression length later */ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
55 |
- if ((p + i + 1) > (d + n)) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
56 |
+ if ((d + n) - p < i + 1) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
57 |
/* not enough data */ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
58 |
al = SSL_AD_DECODE_ERROR; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
59 |
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
60 |
@@ -1220,7 +1220,7 @@ int ssl3_get_client_hello(SSL *s) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
61 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
62 |
/* compression */ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
63 |
i = *(p++); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
64 |
- if ((p + i) > (d + n)) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
65 |
+ if ((d + n) - p < i) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
66 |
/* not enough data */ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
67 |
al = SSL_AD_DECODE_ERROR; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
68 |
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
69 |
--- a/ssl/ssl_sess.c |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
70 |
+++ b/ssl/ssl_sess.c |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
71 |
@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
72 |
int r; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
73 |
#endif |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
74 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
75 |
- if (session_id + len > limit) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
76 |
+ if (limit - session_id < len) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
77 |
fatal = 1; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
78 |
goto err; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
79 |
} |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
80 |
--- a/ssl/t1_lib.c |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
81 |
+++ b/ssl/t1_lib.c |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
82 |
@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
83 |
0x02, 0x03, /* SHA-1/ECDSA */ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
84 |
}; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
85 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
86 |
- if (data >= (limit - 2)) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
87 |
+ if (limit - data <= 2) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
88 |
return; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
89 |
data += 2; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
90 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
91 |
- if (data > (limit - 4)) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
92 |
+ if (limit - data < 4) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
93 |
return; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
94 |
n2s(data, type); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
95 |
n2s(data, size); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
96 |
@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
97 |
if (type != TLSEXT_TYPE_server_name) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
98 |
return; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
99 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
100 |
- if (data + size > limit) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
101 |
+ if (limit - data < size) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
102 |
return; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
103 |
data += size; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
104 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
105 |
@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
106 |
const size_t len1 = sizeof(kSafariExtensionsBlock); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
107 |
const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
108 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
109 |
- if (data + len1 + len2 != limit) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
110 |
+ if (limit - data != (int)(len1 + len2)) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
111 |
return; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
112 |
if (memcmp(data, kSafariExtensionsBlock, len1) != 0) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
113 |
return; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
114 |
@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
115 |
} else { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
116 |
const size_t len = sizeof(kSafariExtensionsBlock); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
117 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
118 |
- if (data + len != limit) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
119 |
+ if (limit - data != (int)(len)) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
120 |
return; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
121 |
if (memcmp(data, kSafariExtensionsBlock, len) != 0) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
122 |
return; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
123 |
@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
124 |
if (data == limit) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
125 |
goto ri_check; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
126 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
127 |
- if (data > (limit - 2)) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
128 |
+ if (limit - data < 2) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
129 |
goto err; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
130 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
131 |
n2s(data, len); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
132 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
133 |
- if (data + len != limit) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
134 |
+ if (limit - data != len) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
135 |
goto err; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
136 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
137 |
- while (data <= (limit - 4)) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
138 |
+ while (limit - data >= 4) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
139 |
n2s(data, type); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
140 |
n2s(data, size); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
141 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
142 |
- if (data + size > (limit)) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
143 |
+ if (limit - data < size) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
144 |
goto err; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
145 |
# if 0 |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
146 |
fprintf(stderr, "Received extension type %d size %d\n", type, size); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
147 |
@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s, |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
148 |
if (s->hit || s->cert->srv_ext.meths_count == 0) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
149 |
return 1; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
150 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
151 |
- if (data >= limit - 2) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
152 |
+ if (limit - data <= 2) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
153 |
return 1; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
154 |
n2s(data, len); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
155 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
156 |
- if (data > limit - len) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
157 |
+ if (limit - data < len) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
158 |
return 1; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
159 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
160 |
- while (data <= limit - 4) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
161 |
+ while (limit - data >= 4) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
162 |
n2s(data, type); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
163 |
n2s(data, size); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
164 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
165 |
- if (data + size > limit) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
166 |
+ if (limit - data < size) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
167 |
return 1; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
168 |
if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
169 |
return 0; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
170 |
@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
171 |
SSL_TLSEXT_HB_DONT_SEND_REQUESTS); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
172 |
# endif |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
173 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
174 |
- if (data >= (d + n - 2)) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
175 |
+ if ((d + n) - data <= 2) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
176 |
goto ri_check; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
177 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
178 |
n2s(data, length); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
179 |
- if (data + length != d + n) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
180 |
+ if ((d + n) - data != length) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
181 |
*al = SSL_AD_DECODE_ERROR; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
182 |
return 0; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
183 |
} |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
184 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
185 |
- while (data <= (d + n - 4)) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
186 |
+ while ((d + n) - data >= 4) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
187 |
n2s(data, type); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
188 |
n2s(data, size); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
189 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
190 |
- if (data + size > (d + n)) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
191 |
+ if ((d + n) - data < size) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
192 |
goto ri_check; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
193 |
|
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
194 |
if (s->tlsext_debug_cb) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
195 |
@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
196 |
/* Skip past DTLS cookie */ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
197 |
if (SSL_IS_DTLS(s)) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
198 |
i = *(p++); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
199 |
- p += i; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
200 |
- if (p >= limit) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
201 |
+ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
202 |
+ if (limit - p <= i) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
203 |
return -1; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
204 |
+ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
205 |
+ p += i; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
206 |
} |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
207 |
/* Skip past cipher list */ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
208 |
n2s(p, i); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
209 |
- p += i; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
210 |
- if (p >= limit) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
211 |
+ if (limit - p <= i) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
212 |
return -1; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
213 |
+ p += i; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
214 |
+ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
215 |
/* Skip past compression algorithm list */ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
216 |
i = *(p++); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
217 |
- p += i; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
218 |
- if (p > limit) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
219 |
+ if (limit - p < i) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
220 |
return -1; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
221 |
+ p += i; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
222 |
+ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
223 |
/* Now at start of extensions */ |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
224 |
- if ((p + 2) >= limit) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
225 |
+ if (limit - p <= 2) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
226 |
return 0; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
227 |
n2s(p, i); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
228 |
- while ((p + 4) <= limit) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
229 |
+ while (limit - p >= 4) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
230 |
unsigned short type, size; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
231 |
n2s(p, type); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
232 |
n2s(p, size); |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
233 |
- if (p + size > limit) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
234 |
+ if (limit - p < size) |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
235 |
return 0; |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
236 |
if (type == TLSEXT_TYPE_session_ticket) { |
af889a8e1145
23599994 problem in LIBRARY/OPENSSL
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
diff
changeset
|
237 |
int r; |