diff options
author | Arne Schwabe <arne@rfc2549.org> | 2014-04-23 12:31:35 +0200 |
---|---|---|
committer | Arne Schwabe <arne@rfc2549.org> | 2014-04-23 12:31:35 +0200 |
commit | 0c5af0c28f23f75f93e253aeccb00c5ad20c116e (patch) | |
tree | fae9826018c36f1011007d029b728c290c50485c /main/openssl/ssl/t1_lib.c | |
parent | c69ba1780496c260a1b4498596bae428e0df232d (diff) |
Update OpenSSL to 1.0.1g
Diffstat (limited to 'main/openssl/ssl/t1_lib.c')
-rw-r--r-- | main/openssl/ssl/t1_lib.c | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/main/openssl/ssl/t1_lib.c b/main/openssl/ssl/t1_lib.c index eba732f1..369e09f4 100644 --- a/main/openssl/ssl/t1_lib.c +++ b/main/openssl/ssl/t1_lib.c @@ -684,8 +684,13 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha } #endif +#ifdef TLSEXT_TYPE_padding /* Add padding to workaround bugs in F5 terminators. - * See https://tools.ietf.org/html/draft-agl-tls-padding-02 */ + * See https://tools.ietf.org/html/draft-agl-tls-padding-03 + * + * NB: because this code works out the length of all existing + * extensions it MUST always appear last. + */ { int hlen = ret - (unsigned char *)s->init_buf->data; /* The code in s23_clnt.c to build ClientHello messages includes the @@ -707,7 +712,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha ret += hlen; } } - +#endif if ((extdatalen = ret-p-2)== 0) return p; @@ -1412,7 +1417,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in tls1_process_sigalgs(s, data, dsize); } else if (type == TLSEXT_TYPE_status_request && - s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb) + s->version != DTLS1_VERSION) { if (size < 5) @@ -2744,16 +2749,20 @@ tls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; |