| 1 |
diff -up openssl-fips-0.9.8e/ssl/d1_both.c.dtls-sizechecks openssl-fips-0.9.8e/ssl/d1_both.c |
| 2 |
--- openssl-fips-0.9.8e/ssl/d1_both.c.dtls-sizechecks 2014-08-08 11:19:09.000000000 +0200 |
| 3 |
+++ openssl-fips-0.9.8e/ssl/d1_both.c 2014-08-08 11:29:58.457106869 +0200 |
| 4 |
@@ -549,6 +549,16 @@ dtls1_retrieve_buffered_fragment(SSL *s, |
| 5 |
return 0; |
| 6 |
} |
| 7 |
|
| 8 |
+/* dtls1_max_handshake_message_len returns the maximum number of bytes |
| 9 |
+ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may |
| 10 |
+ * be greater if the maximum certificate list size requires it. */ |
| 11 |
+static unsigned long dtls1_max_handshake_message_len(const SSL *s) |
| 12 |
+ { |
| 13 |
+ unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; |
| 14 |
+ if (max_len < (unsigned long)s->max_cert_list) |
| 15 |
+ return s->max_cert_list; |
| 16 |
+ return max_len; |
| 17 |
+ } |
| 18 |
|
| 19 |
static int |
| 20 |
dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) |
| 21 |
@@ -587,6 +597,9 @@ dtls1_process_out_of_seq_message(SSL *s, |
| 22 |
|
| 23 |
if (frag_len) |
| 24 |
{ |
| 25 |
+ if (frag_len > dtls1_max_handshake_message_len(s)) |
| 26 |
+ goto err; |
| 27 |
+ |
| 28 |
frag = dtls1_hm_fragment_new(frag_len); |
| 29 |
if ( frag == NULL) |
| 30 |
goto err; |
Parent Directory
| 
Revision Log
| 
Revision Graph
