diff options
| author | Philip Guenther <guenther@cvs.openbsd.org> | 2016-10-02 21:05:45 +0000 |
|---|---|---|
| committer | Philip Guenther <guenther@cvs.openbsd.org> | 2016-10-02 21:05:45 +0000 |
| commit | d6d5d6acc198d55644a99701f8e89ec08464e00a (patch) | |
| tree | 4f972604d75fe04491067dd153435d82b6f0e128 /lib | |
| parent | e42629e2f4285b68bf7024173d83d426e0eae288 (diff) | |
Detect zero-length encrypted session data early, instead of when malloc(0)
fails or the HMAC check fails.
Noted independently by jsing@ and Kurt Cancemi (kurt (at) x64architecture.com)
ok bcook@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/t1_lib.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c index 3f66e2e6d0b..67eabdae06f 100644 --- a/lib/libssl/t1_lib.c +++ b/lib/libssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.90 2016/09/22 12:33:50 jsing Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.91 2016/10/02 21:05:44 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2225,7 +2225,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, } /* Sanity check ticket length: must exceed keyname + IV + HMAC */ - if (eticklen < 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) { + if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) { HMAC_CTX_cleanup(&hctx); EVP_CIPHER_CTX_cleanup(&ctx); return 2; |