From 764c6125aba7a52154555819c23a97498b79017c Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Mon, 1 Dec 2014 10:43:26 +0100
Subject: Add fix for upcoming CVE-2014-8104

--HG--
extra : rebase_source : ec92418bc2616537f0e6d90eba6d2af0f6ef28ee
---
 main/openvpn/src/openvpn/ssl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'main')

diff --git a/main/openvpn/src/openvpn/ssl.c b/main/openvpn/src/openvpn/ssl.c
index 2adfa26f..cdc8eb19 100644
--- a/main/openvpn/src/openvpn/ssl.c
+++ b/main/openvpn/src/openvpn/ssl.c
@@ -2036,7 +2036,11 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi
   ASSERT (session->opt->key_method == 2);
 
   /* discard leading uint32 */
-  ASSERT (buf_advance (buf, 4));
+  if (!buf_advance (buf, 4)) {
+    msg (D_TLS_ERRORS, "TLS ERROR: Plaintext buffer too short (%d bytes).",
+	buf->len);
+    goto error;
+  }
 
   /* get key method */
   key_method_flags = buf_read_u8 (buf);
-- 
cgit v1.2.3