diff options
| author | df@pippilotta.erinye.com <> | 2008-01-23 17:12:07 +0100 |
|---|---|---|
| committer | df@pippilotta.erinye.com <> | 2008-01-23 17:12:07 +0100 |
| commit | 96d62f43d3e300e8fa15680e868095fa3d9c0d8b (patch) | |
| tree | 88a47bcf8669b1a57b0257d99fe2fc70d38dc2f2 /extra | |
| parent | a55b4dd4fbeab4bbd1b2ec7eb2c24f0b66e61bbe (diff) | |
| parent | 022639a18f28bd33b91d7eae79de78027ab7097f (diff) | |
| download | mariadb-git-96d62f43d3e300e8fa15680e868095fa3d9c0d8b.tar.gz | |
Merge pippilotta.erinye.com:/shared/home/df/mysql/build/mysql-5.0-build
into pippilotta.erinye.com:/shared/home/df/mysql/build/mysql-5.1-build
Diffstat (limited to 'extra')
| -rw-r--r-- | extra/yassl/src/handshake.cpp | 5 | ||||
| -rw-r--r-- | extra/yassl/src/template_instnt.cpp | 1 | ||||
| -rw-r--r-- | extra/yassl/src/yassl_imp.cpp | 11 |
3 files changed, 16 insertions, 1 deletions
diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp index 1d5a95820bb..262b5cb3b8b 100644 --- a/extra/yassl/src/handshake.cpp +++ b/extra/yassl/src/handshake.cpp @@ -527,6 +527,11 @@ void ProcessOldClientHello(input_buffer& input, SSL& ssl) input.read(len, sizeof(len)); uint16 randomLen; ato16(len, randomLen); + if (ch.suite_len_ > MAX_SUITE_SZ || sessionLen > ID_LEN || + randomLen > RAN_LEN) { + ssl.SetError(bad_input); + return; + } int j = 0; for (uint16 i = 0; i < ch.suite_len_; i += 3) { diff --git a/extra/yassl/src/template_instnt.cpp b/extra/yassl/src/template_instnt.cpp index f82f7924359..fe3a251b865 100644 --- a/extra/yassl/src/template_instnt.cpp +++ b/extra/yassl/src/template_instnt.cpp @@ -101,6 +101,7 @@ template void ysArrayDelete<unsigned char>(unsigned char*); template void ysArrayDelete<char>(char*); template int min<int>(int, int); +template uint16 min<uint16>(uint16, uint16); template unsigned int min<unsigned int>(unsigned int, unsigned int); template unsigned long min<unsigned long>(unsigned long, unsigned long); } diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp index 0bc95f64abc..b43d9c27355 100644 --- a/extra/yassl/src/yassl_imp.cpp +++ b/extra/yassl/src/yassl_imp.cpp @@ -621,6 +621,10 @@ void HandShakeHeader::Process(input_buffer& input, SSL& ssl) } uint len = c24to32(length_); + if (len > input.get_remaining()) { + ssl.SetError(bad_input); + return; + } hashHandShake(ssl, input, len); hs->set_length(len); @@ -1391,10 +1395,15 @@ input_buffer& operator>>(input_buffer& input, ClientHello& hello) // Suites byte tmp[2]; + uint16 len; tmp[0] = input[AUTO]; tmp[1] = input[AUTO]; - ato16(tmp, hello.suite_len_); + ato16(tmp, len); + + hello.suite_len_ = min(len, static_cast<uint16>(MAX_SUITE_SZ)); input.read(hello.cipher_suites_, hello.suite_len_); + if (len > hello.suite_len_) // ignore extra suites + input.set_current(input.get_current() + len - hello.suite_len_); // Compression hello.comp_len_ = input[AUTO]; |