Import patch for yassl 1.35

- Better check of required buffer size when processing incoming record headers extra/yassl/README: Import patch yassl.diff extra/yassl/src/handshake.cpp: Import patch yassl.diff extra/yassl/include/openssl/engine.h: Import patch yassl.diff extra/yassl/include/openssl/pkcs12.h: Import patch yassl.diff
author: unknown <msvensson@shellback.(none)> 2006-06-05 15:41:29 +0200
committer: unknown <msvensson@shellback.(none)> 2006-06-05 15:41:29 +0200
commit: 9bcd212dbbba1849187d3c0be3837db02bca9cdd (patch)
tree: d230790c37b6bbd191865efb1ef5b4bc2346b711 /extra/yassl/src
parent: df2425646f0983e449755f7f067ecabb1304e4fc (diff)
download: mariadb-git-9bcd212dbbba1849187d3c0be3837db02bca9cdd.tar.gz
1 files changed, 24 insertions, 6 deletions
diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
index 2b099af930c..12b62f26e14 100644
--- a/extra/yassl/src/handshake.cpp
+++ b/extra/yassl/src/handshake.cpp
@@ -458,6 +458,11 @@ void ProcessOldClientHello(input_buffer& input, SSL& ssl)
 
     uint16 sz = ((b0 & 0x7f) << 8) | b1;
 
+    if (sz > input.get_remaining()) {
+        ssl.SetError(bad_input);
+        return;
+    }
+
     // hashHandShake manually
     const opaque* buffer = input.get_buffer() + input.get_current();
     ssl.useHashes().use_MD5().update(buffer, sz);
@@ -681,25 +686,38 @@ DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered)
     // old style sslv2 client hello?
     if (ssl.getSecurity().get_parms().entity_ == server_end &&
                   ssl.getStates().getServer() == clientNull) 
-        if (buffer.peek() != handshake)
+        if (buffer.peek() != handshake) {
             ProcessOldClientHello(buffer, ssl);
+            if (ssl.GetError()) {
+                buffered.reset(0);
+                return buffered;
+            }
+        }
 
     while(!buffer.eof()) {
         // each record
         RecordLayerHeader hdr;
+        bool              needHdr = false;
+
+        if (static_cast<uint>(RECORD_HEADER) > buffer.get_remaining())
+            needHdr = true;
+        else {
         buffer >> hdr;
         ssl.verifyState(hdr);
+        }
 
         // make sure we have enough input in buffer to process this record
-        if (hdr.length_ > buffer.get_remaining()) { 
-            uint sz = buffer.get_remaining() + RECORD_HEADER;
+        if (needHdr || hdr.length_ > buffer.get_remaining()) {
+            // put header in front for next time processing
+            uint extra = needHdr ? 0 : RECORD_HEADER;
+            uint sz = buffer.get_remaining() + extra;
             buffered.reset(NEW_YS input_buffer(sz, buffer.get_buffer() +
-                           buffer.get_current() - RECORD_HEADER, sz));
+                           buffer.get_current() - extra, sz));
             break;
         }
 
         while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) {
-            // each message in record
+            // each message in record, can be more than 1 if not encrypted
             if (ssl.getSecurity().get_parms().pending_ == false) // cipher on
                 decrypt_message(ssl, buffer, hdr.length_);
             mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_), ysDelete);
@@ -717,7 +735,7 @@ DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered)
         }
         offset += hdr.length_ + RECORD_HEADER;
     }
-    return buffered;  // done, don't call again
+    return buffered;
 }
author	unknown <msvensson@shellback.(none)>	2006-06-05 15:41:29 +0200
committer	unknown <msvensson@shellback.(none)>	2006-06-05 15:41:29 +0200
commit	9bcd212dbbba1849187d3c0be3837db02bca9cdd (patch)
tree	d230790c37b6bbd191865efb1ef5b4bc2346b711 /extra/yassl/src
parent	df2425646f0983e449755f7f067ecabb1304e4fc (diff)
download	mariadb-git-9bcd212dbbba1849187d3c0be3837db02bca9cdd.tar.gz