diff options
| author | Doug Hogan <doug@cvs.openbsd.org> | 2015-07-14 05:26:33 +0000 |
|---|---|---|
| committer | Doug Hogan <doug@cvs.openbsd.org> | 2015-07-14 05:26:33 +0000 |
| commit | cfa519e49567570b8a2f866745f6f6ae8d88b7ad (patch) | |
| tree | 6f07e7a6e54b5fc60b8b5047cdf0f17bee0b876f /lib | |
| parent | c2649017c52d7aead867dff708fd929571cdb970 (diff) | |
Convert dtls1_get_hello_verify to CBS.
ok miod@ jsing@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/src/ssl/d1_clnt.c | 40 |
1 files changed, 23 insertions, 17 deletions
diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c index adde3cd39ee..261e4e996fd 100644 --- a/lib/libssl/src/ssl/d1_clnt.c +++ b/lib/libssl/src/ssl/d1_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_clnt.c,v 1.45 2015/06/13 08:38:10 doug Exp $ */ +/* $OpenBSD: d1_clnt.c,v 1.46 2015/07/14 05:26:32 doug Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -113,6 +113,7 @@ * [including the GNU Public Licence.] */ +#include <limits.h> #include <stdio.h> #include "ssl_locl.h" @@ -124,6 +125,8 @@ #include <openssl/md5.h> #include <openssl/objects.h> +#include "bytestring.h" + static const SSL_METHOD *dtls1_get_client_method(int ver); static int dtls1_get_hello_verify(SSL *s); @@ -697,9 +700,11 @@ err: static int dtls1_get_hello_verify(SSL *s) { - int n, al, ok = 0; - unsigned char *data; - unsigned int cookie_len; + long n; + int al, ok = 0; + size_t cookie_len; + uint16_t ssl_version; + CBS hello_verify_request, cookie; n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok); @@ -713,32 +718,33 @@ dtls1_get_hello_verify(SSL *s) return (1); } - if (2 > n) + if (n < 0) goto truncated; - data = (unsigned char *)s->init_msg; - if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) { + CBS_init(&hello_verify_request, s->init_msg, n); + + if (!CBS_get_u16(&hello_verify_request, &ssl_version)) + goto truncated; + + if (ssl_version != s->version) { SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION); - s->version = (s->version & 0xff00) | data[1]; + s->version = (s->version & 0xff00) | (ssl_version & 0xff); al = SSL_AD_PROTOCOL_VERSION; goto f_err; } - data += 2; - if (2 + 1 > n) - goto truncated; - cookie_len = *(data++); - if (2 + 1 + cookie_len > n) + if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) goto truncated; - if (cookie_len > sizeof(s->d1->cookie)) { + + if (!CBS_write_bytes(&cookie, s->d1->cookie, + sizeof(s->d1->cookie), &cookie_len)) { + s->d1->cookie_len = 0; al = SSL_AD_ILLEGAL_PARAMETER; goto f_err; } - - memcpy(s->d1->cookie, data, cookie_len); s->d1->cookie_len = cookie_len; - s->d1->send_cookie = 1; + return 1; truncated: |