10.0-base merge

author: Sergei Golubchik <sergii@pisem.net> 2013-04-15 15:09:22 +0200
committer: Sergei Golubchik <sergii@pisem.net> 2013-04-15 15:09:22 +0200
commit: a9035be5b7a7b3865ddb4ef34a5d0cfc65dfc254 (patch)
tree: a9df7341e91623f62fe37cd47fce139d8888fc95 /extra/yassl
parent: 3a1c91d87d69ef243b3e78be6089102cafef0a8e (diff)
parent: f57ecb7786177e0af3b1e3ec94302720b2e0f967 (diff)
download: mariadb-git-a9035be5b7a7b3865ddb4ef34a5d0cfc65dfc254.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
index 3a1ade9816c..97db6264dbb 100644
--- a/extra/yassl/src/handshake.cpp
+++ b/extra/yassl/src/handshake.cpp
@@ -767,8 +767,14 @@ int DoProcessReply(SSL& ssl)
 
         while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) {
             // each message in record, can be more than 1 if not encrypted
-            if (ssl.getSecurity().get_parms().pending_ == false) // cipher on
+            if (ssl.getSecurity().get_parms().pending_ == false) { // cipher on
+                // sanity check for malicious/corrupted/illegal input
+                if (buffer.get_remaining() < hdr.length_) {
+                    ssl.SetError(bad_input);
+                    return 0;
+                }
                 decrypt_message(ssl, buffer, hdr.length_);
+            }
                 
             mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_));
             if (!msg.get()) {
author	Sergei Golubchik <sergii@pisem.net>	2013-04-15 15:09:22 +0200
committer	Sergei Golubchik <sergii@pisem.net>	2013-04-15 15:09:22 +0200
commit	a9035be5b7a7b3865ddb4ef34a5d0cfc65dfc254 (patch)
tree	a9df7341e91623f62fe37cd47fce139d8888fc95 /extra/yassl
parent	3a1c91d87d69ef243b3e78be6089102cafef0a8e (diff)
parent	f57ecb7786177e0af3b1e3ec94302720b2e0f967 (diff)
download	mariadb-git-a9035be5b7a7b3865ddb4ef34a5d0cfc65dfc254.tar.gz