diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2014-04-29 15:46:55 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2014-04-29 15:46:55 +0000 |
| commit | 09a60c84db4fb9b3ef966e0f3b7fcf8060adbc50 (patch) | |
| tree | 52d809d01011ce763b848aa616d1d05d9f5716e4 | |
| parent | a3bd0de38bc82d0fba49cca0f411c6d72e958a0f (diff) | |
Constrain bytes read/written to positive values.
ok miod@ tedu@
| -rw-r--r-- | lib/libssl/s3_pkt.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index 4a8462ecb91..a5ed3c07cc6 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -561,6 +561,11 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) unsigned int tot, n, nw; int i; + if (len < 0) { + SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); + return -1; + } + s->rwstate = SSL_NOTHING; tot = s->s3->wnum; s->s3->wnum = 0; @@ -902,6 +907,11 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (!ssl3_setup_read_buffer(s)) return (-1); + if (len < 0) { + SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + return -1; + } + if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { |