Add a return value check to tls13_buffer_extend(). - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	jsing <jsing@openbsd.org>	2020-03-10 17:11:25 +0000
committer	jsing <jsing@openbsd.org>	2020-03-10 17:11:25 +0000
commit	96130b2dad110fb33dd5f655fc9fd1005d350d6f (patch)
tree	9e0020f9e339f491bb071d5095d8bf65033b953f /lib/libssl/tls13_server.c
parent	Remove the enc function pointers. (diff)
download	wireguard-openbsd-96130b2dad110fb33dd5f655fc9fd1005d350d6f.tar.xz wireguard-openbsd-96130b2dad110fb33dd5f655fc9fd1005d350d6f.zip

Add a return value check to tls13_buffer_extend().

In the unlikely event that the return value from the read callback is larger than the number of bytes we asked for, we can end up incrementing buf->len beyond capacity. Check the return value from the read callback to prevent this. ok inoguchi@ tb@

Diffstat (limited to 'lib/libssl/tls13_server.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: