diff options
Diffstat (limited to 'deps/openssl/openssl/ssl/t1_lib.c')
-rw-r--r-- | deps/openssl/openssl/ssl/t1_lib.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/deps/openssl/openssl/ssl/t1_lib.c b/deps/openssl/openssl/ssl/t1_lib.c index 1a4387b78e..75c2f4154d 100644 --- a/deps/openssl/openssl/ssl/t1_lib.c +++ b/deps/openssl/openssl/ssl/t1_lib.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -2284,8 +2284,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, # ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; - int ecpointformatlist_length = *(sdata++); + int ecpointformatlist_length; + if (size == 0) + goto err; + + ecpointformatlist_length = *(sdata++); if (ecpointformatlist_length != size - 1 || ecpointformatlist_length < 1) goto err; @@ -2711,8 +2715,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, # ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; - int ecpointformatlist_length = *(sdata++); + int ecpointformatlist_length; + + if (size == 0) { + *al = TLS1_AD_DECODE_ERROR; + return 0; + } + ecpointformatlist_length = *(sdata++); if (ecpointformatlist_length != size - 1) { *al = TLS1_AD_DECODE_ERROR; return 0; @@ -3505,6 +3515,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, EVP_CIPHER_CTX ctx; SSL_CTX *tctx = s->initial_ctx; + /* Need at least keyname + iv */ + if (eticklen < 16 + EVP_MAX_IV_LENGTH) + return 2; + /* Initialize session ticket encryption and HMAC contexts */ HMAC_CTX_init(&hctx); EVP_CIPHER_CTX_init(&ctx); @@ -3513,9 +3527,12 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, &ctx, &hctx, 0); if (rv < 0) - return -1; - if (rv == 0) + goto err; + if (rv == 0) { + HMAC_CTX_cleanup(&hctx); + EVP_CIPHER_CTX_cleanup(&ctx); return 2; + } if (rv == 2) renew_ticket = 1; } else { |