diff options
author | ian.mcgreer%sun.com <devnull@localhost> | 2004-01-08 18:55:04 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2004-01-08 18:55:04 +0000 |
commit | 6ce53a1670ce9ff837297bf25db9f2616d594787 (patch) | |
tree | d7d7cb9aa3aa39e3df1f9a9d2fc88e06aa91aa04 | |
parent | 0ac7ffa6ab8c5a8c2bebdb4125367cdeed993f01 (diff) | |
download | nss-hg-6ce53a1670ce9ff837297bf25db9f2616d594787.tar.gz |
overload the error code SSL_ERROR_RX_RECORD_TOO_LONG to report
SSL2 records that re too short. bugtraq #4972840
-rw-r--r-- | security/nss/lib/ssl/sslgathr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/security/nss/lib/ssl/sslgathr.c b/security/nss/lib/ssl/sslgathr.c index 1d316db84..060e68b2e 100644 --- a/security/nss/lib/ssl/sslgathr.c +++ b/security/nss/lib/ssl/sslgathr.c @@ -197,6 +197,11 @@ ssl2_GatherData(sslSocket *ss, sslGather *gs, int flags) gs->recordPadding = gs->hdr[2]; } + if (!gs->count) { + PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); + goto cleanup; + } + if (gs->count > gs->buf.space) { err = sslBuffer_Grow(&gs->buf, gs->count); if (err) { |