merge with mysql-5.5.30 minus few incorrect or not applicable changesets

author: Sergei Golubchik <sergii@pisem.net> 2013-02-28 18:42:49 +0100
committer: Sergei Golubchik <sergii@pisem.net> 2013-02-28 18:42:49 +0100
commit: 8161c6772d144d6a4f08fc924ff6e6e403d1371d (patch)
tree: 3f1fe5f8048a163da4eadf0f86c1fd2a3007955d /extra
parent: 154aac8eb002f5d167153e09f1d13570989521e0 (diff)
parent: 31c06437c970d4d0f4ec0301acac9c56e0ed29b5 (diff)
download: mariadb-git-8161c6772d144d6a4f08fc924ff6e6e403d1371d.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
index c1ee61d043e..c7dbaf86071 100644
--- a/extra/yassl/src/handshake.cpp
+++ b/extra/yassl/src/handshake.cpp
@@ -767,8 +767,14 @@ int DoProcessReply(SSL& ssl)
 
         while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) {
             // each message in record, can be more than 1 if not encrypted
-            if (ssl.getSecurity().get_parms().pending_ == false) // cipher on
+            if (ssl.getSecurity().get_parms().pending_ == false) { // cipher on
+                // sanity check for malicious/corrupted/illegal input
+                if (buffer.get_remaining() < hdr.length_) {
+                    ssl.SetError(bad_input);
+                    return 0;
+                }
                 decrypt_message(ssl, buffer, hdr.length_);
+            }
                 
             mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_));
             if (!msg.get()) {
author	Sergei Golubchik <sergii@pisem.net>	2013-02-28 18:42:49 +0100
committer	Sergei Golubchik <sergii@pisem.net>	2013-02-28 18:42:49 +0100
commit	8161c6772d144d6a4f08fc924ff6e6e403d1371d (patch)
tree	3f1fe5f8048a163da4eadf0f86c1fd2a3007955d /extra
parent	154aac8eb002f5d167153e09f1d13570989521e0 (diff)
parent	31c06437c970d4d0f4ec0301acac9c56e0ed29b5 (diff)
download	mariadb-git-8161c6772d144d6a4f08fc924ff6e6e403d1371d.tar.gz