diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2014-04-29 15:46:55 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2014-04-29 15:46:55 +0000 |
| commit | 86a41a3f2476d1f08684985dd4ee979f67c1cd31 (patch) | |
| tree | 92de49ba22fa7cd8d9b42ab2e3411691d9cf5b23 /lib | |
| parent | 35e1b47309e21a5ce841b8526c96311a86efceed (diff) | |
Constrain bytes read/written to positive values.
ok miod@ tedu@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/src/ssl/s3_pkt.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index 4a8462ecb91..a5ed3c07cc6 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c @@ -561,6 +561,11 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) unsigned int tot, n, nw; int i; + if (len < 0) { + SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); + return -1; + } + s->rwstate = SSL_NOTHING; tot = s->s3->wnum; s->s3->wnum = 0; @@ -902,6 +907,11 @@ ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (!ssl3_setup_read_buffer(s)) return (-1); + if (len < 0) { + SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + return -1; + } + if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || (peek && (type != SSL3_RT_APPLICATION_DATA))) { |