summaryrefslogtreecommitdiff
path: root/main/openssl/ssl/t1_lib.c
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2014-04-23 12:31:35 +0200
committerArne Schwabe <arne@rfc2549.org>2014-04-23 12:31:35 +0200
commit0c5af0c28f23f75f93e253aeccb00c5ad20c116e (patch)
treefae9826018c36f1011007d029b728c290c50485c /main/openssl/ssl/t1_lib.c
parentc69ba1780496c260a1b4498596bae428e0df232d (diff)
Update OpenSSL to 1.0.1g
Diffstat (limited to 'main/openssl/ssl/t1_lib.c')
-rw-r--r--main/openssl/ssl/t1_lib.c25
1 files changed, 17 insertions, 8 deletions
diff --git a/main/openssl/ssl/t1_lib.c b/main/openssl/ssl/t1_lib.c
index eba732f1..369e09f4 100644
--- a/main/openssl/ssl/t1_lib.c
+++ b/main/openssl/ssl/t1_lib.c
@@ -684,8 +684,13 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
}
#endif
+#ifdef TLSEXT_TYPE_padding
/* Add padding to workaround bugs in F5 terminators.
- * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */
+ * See https://tools.ietf.org/html/draft-agl-tls-padding-03
+ *
+ * NB: because this code works out the length of all existing
+ * extensions it MUST always appear last.
+ */
{
int hlen = ret - (unsigned char *)s->init_buf->data;
/* The code in s23_clnt.c to build ClientHello messages includes the
@@ -707,7 +712,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
ret += hlen;
}
}
-
+#endif
if ((extdatalen = ret-p-2)== 0)
return p;
@@ -1412,7 +1417,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
tls1_process_sigalgs(s, data, dsize);
}
else if (type == TLSEXT_TYPE_status_request &&
- s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
+ s->version != DTLS1_VERSION)
{
if (size < 5)
@@ -2744,16 +2749,20 @@ tls1_process_heartbeat(SSL *s)
unsigned int payload;
unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */
- hbtype = *p++;
- n2s(p, payload);
- pl = p;
-
if (s->msg_callback)
s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
&s->s3->rrec.data[0], s->s3->rrec.length,
s, s->msg_callback_arg);
+ /* Read type and payload length first */
+ if (1 + 2 + 16 > s->s3->rrec.length)
+ return 0; /* silently discard */
+ hbtype = *p++;
+ n2s(p, payload);
+ if (1 + 2 + payload + 16 > s->s3->rrec.length)
+ return 0; /* silently discard per RFC 6520 sec. 4 */
+ pl = p;
+
if (hbtype == TLS1_HB_REQUEST)
{
unsigned char *buffer, *bp;