upstream/oracle/userland-gate: components/openssl/common/patches/047-CVE-2016-2177.patch@af889a8e1145 (annotated)

6247 af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	1	# The patch is based on the following commit from the upstream:
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	2	# https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	3	# The fix is patched until the new version becomes available
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	4	# from the upstream.
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	5	--- a/ssl/s3_srvr.c
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	6	+++ b/ssl/s3_srvr.c
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	7	@@ -989,7 +989,7 @@ int ssl3_get_client_hello(SSL *s)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	8
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	9	session_length = *(p + SSL3_RANDOM_SIZE);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	10
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	11	- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	12	+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	13	al = SSL_AD_DECODE_ERROR;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	14	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	15	goto f_err;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	16	@@ -1007,7 +1007,7 @@ int ssl3_get_client_hello(SSL *s)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	17	/* get the session-id */
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	18	j = *(p++);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	19
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	20	- if (p + j > d + n) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	21	+ if ((d + n) - p < j) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	22	al = SSL_AD_DECODE_ERROR;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	23	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	24	goto f_err;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	25	@@ -1063,14 +1063,14 @@ int ssl3_get_client_hello(SSL *s)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	26
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	27	if (SSL_IS_DTLS(s)) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	28	/* cookie stuff */
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	29	- if (p + 1 > d + n) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	30	+ if ((d + n) - p < 1) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	31	al = SSL_AD_DECODE_ERROR;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	32	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	33	goto f_err;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	34	}
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	35	cookie_len = *(p++);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	36
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	37	- if (p + cookie_len > d + n) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	38	+ if ((d + n ) - p < cookie_len) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	39	al = SSL_AD_DECODE_ERROR;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	40	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	41	goto f_err;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	42	@@ -1140,7 +1140,7 @@ int ssl3_get_client_hello(SSL *s)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	43	}
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	44	}
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	45
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	46	- if (p + 2 > d + n) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	47	+ if ((d + n ) - p < 2) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	48	al = SSL_AD_DECODE_ERROR;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	49	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	50	goto f_err;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	51	@@ -1154,7 +1154,7 @@ int ssl3_get_client_hello(SSL *s)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	52	}
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	53
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	54	/* i bytes of cipher data + 1 byte for compression length later */
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	55	- if ((p + i + 1) > (d + n)) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	56	+ if ((d + n) - p < i + 1) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	57	/* not enough data */
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	58	al = SSL_AD_DECODE_ERROR;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	59	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	60	@@ -1220,7 +1220,7 @@ int ssl3_get_client_hello(SSL *s)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	61
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	62	/* compression */
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	63	i = *(p++);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	64	- if ((p + i) > (d + n)) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	65	+ if ((d + n) - p < i) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	66	/* not enough data */
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	67	al = SSL_AD_DECODE_ERROR;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	68	SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	69	--- a/ssl/ssl_sess.c
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	70	+++ b/ssl/ssl_sess.c
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	71	@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL s, unsigned char session_id, int len,
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	72	int r;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	73	#endif
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	74
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	75	- if (session_id + len > limit) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	76	+ if (limit - session_id < len) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	77	fatal = 1;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	78	goto err;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	79	}
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	80	--- a/ssl/t1_lib.c
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	81	+++ b/ssl/t1_lib.c
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	82	@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL s, const unsigned char data,
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	83	0x02, 0x03, /* SHA-1/ECDSA */
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	84	};
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	85
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	86	- if (data >= (limit - 2))
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	87	+ if (limit - data <= 2)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	88	return;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	89	data += 2;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	90
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	91	- if (data > (limit - 4))
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	92	+ if (limit - data < 4)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	93	return;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	94	n2s(data, type);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	95	n2s(data, size);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	96	@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL s, const unsigned char data,
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	97	if (type != TLSEXT_TYPE_server_name)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	98	return;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	99
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	100	- if (data + size > limit)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	101	+ if (limit - data < size)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	102	return;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	103	data += size;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	104
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	105	@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL s, const unsigned char data,
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	106	const size_t len1 = sizeof(kSafariExtensionsBlock);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	107	const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	108
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	109	- if (data + len1 + len2 != limit)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	110	+ if (limit - data != (int)(len1 + len2))
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	111	return;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	112	if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	113	return;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	114	@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL s, const unsigned char data,
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	115	} else {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	116	const size_t len = sizeof(kSafariExtensionsBlock);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	117
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	118	- if (data + len != limit)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	119	+ if (limit - data != (int)(len))
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	120	return;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	121	if (memcmp(data, kSafariExtensionsBlock, len) != 0)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	122	return;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	123	@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL s, unsigned char *p,
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	124	if (data == limit)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	125	goto ri_check;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	126
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	127	- if (data > (limit - 2))
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	128	+ if (limit - data < 2)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	129	goto err;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	130
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	131	n2s(data, len);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	132
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	133	- if (data + len != limit)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	134	+ if (limit - data != len)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	135	goto err;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	136
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	137	- while (data <= (limit - 4)) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	138	+ while (limit - data >= 4) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	139	n2s(data, type);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	140	n2s(data, size);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	141
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	142	- if (data + size > (limit))
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	143	+ if (limit - data < size)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	144	goto err;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	145	# if 0
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	146	fprintf(stderr, "Received extension type %d size %d\n", type, size);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	147	@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	148	if (s->hit \|\| s->cert->srv_ext.meths_count == 0)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	149	return 1;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	150
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	151	- if (data >= limit - 2)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	152	+ if (limit - data <= 2)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	153	return 1;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	154	n2s(data, len);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	155
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	156	- if (data > limit - len)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	157	+ if (limit - data < len)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	158	return 1;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	159
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	160	- while (data <= limit - 4) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	161	+ while (limit - data >= 4) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	162	n2s(data, type);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	163	n2s(data, size);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	164
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	165	- if (data + size > limit)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	166	+ if (limit - data < size)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	167	return 1;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	168	if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	169	return 0;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	170	@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL s, unsigned char *p,
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	171	SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	172	# endif
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	173
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	174	- if (data >= (d + n - 2))
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	175	+ if ((d + n) - data <= 2)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	176	goto ri_check;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	177
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	178	n2s(data, length);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	179	- if (data + length != d + n) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	180	+ if ((d + n) - data != length) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	181	*al = SSL_AD_DECODE_ERROR;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	182	return 0;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	183	}
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	184
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	185	- while (data <= (d + n - 4)) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	186	+ while ((d + n) - data >= 4) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	187	n2s(data, type);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	188	n2s(data, size);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	189
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	190	- if (data + size > (d + n))
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	191	+ if ((d + n) - data < size)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	192	goto ri_check;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	193
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	194	if (s->tlsext_debug_cb)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	195	@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL s, unsigned char session_id, int len,
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	196	/* Skip past DTLS cookie */
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	197	if (SSL_IS_DTLS(s)) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	198	i = *(p++);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	199	- p += i;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	200	- if (p >= limit)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	201	+
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	202	+ if (limit - p <= i)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	203	return -1;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	204	+
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	205	+ p += i;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	206	}
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	207	/* Skip past cipher list */
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	208	n2s(p, i);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	209	- p += i;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	210	- if (p >= limit)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	211	+ if (limit - p <= i)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	212	return -1;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	213	+ p += i;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	214	+
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	215	/* Skip past compression algorithm list */
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	216	i = *(p++);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	217	- p += i;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	218	- if (p > limit)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	219	+ if (limit - p < i)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	220	return -1;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	221	+ p += i;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	222	+
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	223	/* Now at start of extensions */
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	224	- if ((p + 2) >= limit)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	225	+ if (limit - p <= 2)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	226	return 0;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	227	n2s(p, i);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	228	- while ((p + 4) <= limit) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	229	+ while (limit - p >= 4) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	230	unsigned short type, size;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	231	n2s(p, type);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	232	n2s(p, size);
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	233	- if (p + size > limit)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	234	+ if (limit - p < size)
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	235	return 0;
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	236	if (type == TLSEXT_TYPE_session_ticket) {
af889a8e1145 23599994 problem in LIBRARY/OPENSSL Misaki Miyashita <Misaki.Miyashita@Oracle.COM> parents: diff changeset	237	int r;

author	Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
	Fri, 17 Jun 2016 14:00:04 -0700
changeset 6247	af889a8e1145
permissions	-rw-r--r--