authorJoerg Bruehe <joerg.bruehe@oracle.com>2012-03-02 13:23:52 +0100
committerJoerg Bruehe <joerg.bruehe@oracle.com>2012-03-02 13:23:52 +0100
commitbfaebe3f5e4b917c4498e234bad7a9d45d07ca62 (patch)
treed5f9b580b8298c368c983d1fe6510f2c0da959bd /extra/yassl/src
parentf7f34f7e866fdf11662eb1053b15a36a7c0d4a2a (diff)
parentceec7cea338e117d15a9679e517cc2bb24d44fcc (diff)
Further upmerge the yaSSL upgrade (to 2.2.0) from MySQL 5.1 to 5.5.
Also, take a syntax fix (C++ style comment in C file) in client/mysqldump.c.
Diffstat (limited to 'extra/yassl/src')
-rw-r--r--extra/yassl/src/yassl_imp.cpp20
-rw-r--r--extra/yassl/src/yassl_int.cpp5
2 files changed, 22 insertions, 3 deletions
diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp
index 6d2549749f2..66a173bece8 100644
--- a/extra/yassl/src/yassl_imp.cpp
+++ b/extra/yassl/src/yassl_imp.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -1087,19 +1087,37 @@ void Certificate::Process(input_buffer& input, SSL& ssl)
uint32 list_sz;
byte tmp[3];
+ if (input.get_remaining() < sizeof(tmp)) {
+ ssl.SetError(YasslError(bad_input));
+ return;
+ }
tmp[0] = input[AUTO];
tmp[1] = input[AUTO];
tmp[2] = input[AUTO];
c24to32(tmp, list_sz);
+
+ if (list_sz > (uint)MAX_RECORD_SIZE) { // sanity check
+ ssl.SetError(YasslError(bad_input));
+ return;
+ }
while (list_sz) {
// cert size
uint32 cert_sz;
+
+ if (input.get_remaining() < sizeof(tmp)) {
+ ssl.SetError(YasslError(bad_input));
+ return;
+ }
tmp[0] = input[AUTO];
tmp[1] = input[AUTO];
tmp[2] = input[AUTO];
c24to32(tmp, cert_sz);
+ if (cert_sz > (uint)MAX_RECORD_SIZE || input.get_remaining() < cert_sz){
+ ssl.SetError(YasslError(bad_input));
+ return;
+ }
x509* myCert;
cm.AddPeerCert(myCert = NEW_YS x509(cert_sz));
input.read(myCert->use_buffer(), myCert->get_length());
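Review bot: The per-certificate check `cert_sz > (uint)MAX_RECORD_SIZE || input.get_remaining() < cert_sz` bounds cert_sz by the record size and by the bytes left in the buffer, but never by list_sz, the length the peer declared for the whole chain. The statement that reduces list_sz is outside this hunk, so this is inferred: if it subtracts the certificate length plus the 3-byte header from the unsigned list_sz, lengths that do not add up to list_sz would wrap the counter, and the `while (list_sz)` loop would go on parsing bytes that follow the certificate list. I would add `if (list_sz < sizeof(tmp) || cert_sz > list_sz - sizeof(tmp)) { ssl.SetError(YasslError(bad_input)); return; }` next to the new check. list_sz is likewise not compared with `input.get_remaining()` before the loop, so a declared chain length larger than the received data is only caught one certificate at a time. Certificate::Process starts and ends outside the hunk.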
diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp
index 9eada49a2e7..73f8f2330c5 100644
--- a/extra/yassl/src/yassl_int.cpp
+++ b/extra/yassl/src/yassl_int.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -308,8 +308,9 @@ SSL::SSL(SSL_CTX* ctx)
SetError(YasslError(err));
return;
}
- else if (serverSide && !(ctx->GetCiphers().setSuites_)) {
+ else if (serverSide && ctx->GetCiphers().setSuites_ == 0) {
// remove RSA or DSA suites depending on cert key type
+ // but don't override user sets
ProtocolVersion pv = secure_.get_connection().version_;
bool removeDH = secure_.use_parms().removeDH_;