authorArne Schwabe <arne@rfc2549.org>2014-12-01 10:43:26 +0100
committerArne Schwabe <arne@rfc2549.org>2014-12-01 10:43:26 +0100
commit764c6125aba7a52154555819c23a97498b79017c (patch)
treea2222b70d9ffe1aadb18543cdd503a4370afd8b7
parent9d7d2185426a51d31f0c70bfe96c5254d1c9df17 (diff)
Add fix for upcoming CVE-2014-8104
--HG-- extra : rebase_source : ec92418bc2616537f0e6d90eba6d2af0f6ef28ee
-rw-r--r--main/openvpn/src/openvpn/ssl.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/main/openvpn/src/openvpn/ssl.c b/main/openvpn/src/openvpn/ssl.c
index 2adfa26f..cdc8eb19 100644
--- a/main/openvpn/src/openvpn/ssl.c
+++ b/main/openvpn/src/openvpn/ssl.c
@@ -2036,7 +2036,11 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
ASSERT (session->opt->key_method == 2);
/* discard leading uint32 */
- ASSERT (buf_advance (buf, 4));
+ if (!buf_advance (buf, 4)) {
+ msg (D_TLS_ERRORS, "TLS ERROR: Plaintext buffer too short (%d bytes).",
+ buf->len);
+ goto error;
+ }
/* get key method */
key_method_flags = buf_read_u8 (buf);
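Review bot: The new length check covers only the four discarded bytes, so a plaintext buffer holding exactly those four bytes still reaches `key_method_flags = buf_read_u8 (buf);` with nothing left to read. How that result is validated lies outside the hunk, as does the rest of key_method_2_read and the `error` label. It is worth confirming that every later read of peer-supplied data in this function fails to `error` rather than through an `ASSERT`, since an assertion on remote input ends the whole process instead of one session. I would also add a comment above the new check so the reason survives later refactoring, for example `/* length is peer-controlled: fail the handshake, never ASSERT (CVE-2014-8104) */`.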