summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/src')
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index 57f1d3f52a8..deb3cffabeb 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1588,11 +1588,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
n2s(p,i);
enc_ticket.length = i;
+
+ if (n < enc_ticket.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
enc_ticket.data = (char *)p;
p+=enc_ticket.length;
n2s(p,i);
authenticator.length = i;
+
+ if (n < enc_ticket.length + authenticator.length + 6)
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
authenticator.data = (char *)p;
p+=authenticator.length;
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.