29 lines
598 B
Diff
29 lines
598 B
Diff
--- openssl-1.0.0a/ssl/t1_lib.c 25 Nov 2010 12:28:28 -0000 1.64.2.17
|
|
+++ openssl-1.0.0a/ssl/t1_lib.c 8 Feb 2011 00:00:00 -0000
|
|
@@ -917,6 +917,7 @@
|
|
}
|
|
n2s(data, idsize);
|
|
dsize -= 2 + idsize;
|
|
+ size -= 2 + idsize;
|
|
if (dsize < 0)
|
|
{
|
|
*al = SSL_AD_DECODE_ERROR;
|
|
@@ -955,9 +956,14 @@
|
|
}
|
|
|
|
/* Read in request_extensions */
|
|
+ if (size < 2)
|
|
+ {
|
|
+ *al = SSL_AD_DECODE_ERROR;
|
|
+ return 0;
|
|
+ }
|
|
n2s(data,dsize);
|
|
size -= 2;
|
|
- if (dsize > size)
|
|
+ if (dsize != size)
|
|
{
|
|
*al = SSL_AD_DECODE_ERROR;
|
|
return 0;
|
|
|
|
|