Merge remote-tracking branch 'origin/released'

* origin/released: Opdated to openssl-1.0.1h xkeyboard-config fontconfig libX11 libxcb xcb-proto mesa xserver git update 26 June 2014 Conflicts: openssl/Makefile
author: marha <marha@users.sourceforge.net> 2014-06-26 09:35:54 +0200
committer: marha <marha@users.sourceforge.net> 2014-06-26 09:35:54 +0200
commit: d47db8d4713de42ccca071c9e8401fc7a213ed49 (patch)
tree: 7189b3c025315c514ae9d2835810b94d0e4e0e01 /openssl/ssl/s3_srvr.c
parent: 880395e8c3f451bf34b96da76fcee133b356e966 (diff)
parent: c30d5eefc96925b4bef781806c7a0114eca1b8e0 (diff)
download: vcxsrv-d47db8d4713de42ccca071c9e8401fc7a213ed49.tar.gz
vcxsrv-d47db8d4713de42ccca071c9e8401fc7a213ed49.tar.bz2
vcxsrv-d47db8d4713de42ccca071c9e8401fc7a213ed49.zip
1 files changed, 17 insertions, 16 deletions
diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c
index 9ac19c05f..503bed3fe 100644
--- a/openssl/ssl/s3_srvr.c
+++ b/openssl/ssl/s3_srvr.c
@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
 		case SSL3_ST_SR_CERT_VRFY_A:
 		case SSL3_ST_SR_CERT_VRFY_B:
 
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			/* we should decide if we expected this one */
 			ret=ssl3_get_cert_verify(s);
 			if (ret <= 0) goto end;
@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
 
 		case SSL3_ST_SR_FINISHED_A:
 		case SSL3_ST_SR_FINISHED_B:
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
 				SSL3_ST_SR_FINISHED_B);
 			if (ret <= 0) goto end;
@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
 				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
 #else
 				if (s->s3->next_proto_neg_seen)
+					{
+					s->s3->flags |= SSL3_FLAGS_CCS_OK;
 					s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
+					}
 				else
 					s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
 #endif
@@ -2097,6 +2102,11 @@ int ssl3_send_certificate_request(SSL *s)
 		s->init_num=n+4;
 		s->init_off=0;
 #ifdef NETSCAPE_HANG_BUG
+		if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
+			{
+			SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+			goto err;
+			}
 		p=(unsigned char *)s->init_buf->data + s->init_num;
 
 		/* do the header */
@@ -2813,6 +2823,8 @@ int ssl3_get_client_key_exchange(SSL *s)
 			unsigned char premaster_secret[32], *start;
 			size_t outlen=32, inlen;
 			unsigned long alg_a;
+			int Ttag, Tclass;
+			long Tlen;
 
 			/* Get our certificate private key*/
 			alg_a = s->s3->tmp.new_cipher->algorithm_auth;
@@ -2834,26 +2846,15 @@ int ssl3_get_client_key_exchange(SSL *s)
 					ERR_clear_error();
 				}
 			/* Decrypt session key */
-			if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED))) 
-				{
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
-				goto gerr;
-				}
-			if (p[1] == 0x81)
-				{
-				start = p+3;
-				inlen = p[2];
-				}
-			else if (p[1] < 0x80)
-				{
-				start = p+2;
-				inlen = p[1];
-				}
-			else
+			if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, &Tclass, n) != V_ASN1_CONSTRUCTED || 
+				Ttag != V_ASN1_SEQUENCE ||
+			 	Tclass != V_ASN1_UNIVERSAL) 
 				{
 				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
 				goto gerr;
 				}
+			start = p;
+			inlen = Tlen;
 			if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0) 
 
 				{
author	marha <marha@users.sourceforge.net>	2014-06-26 09:35:54 +0200
committer	marha <marha@users.sourceforge.net>	2014-06-26 09:35:54 +0200
commit	d47db8d4713de42ccca071c9e8401fc7a213ed49 (patch)
tree	7189b3c025315c514ae9d2835810b94d0e4e0e01 /openssl/ssl/s3_srvr.c
parent	880395e8c3f451bf34b96da76fcee133b356e966 (diff)
parent	c30d5eefc96925b4bef781806c7a0114eca1b8e0 (diff)
download	vcxsrv-d47db8d4713de42ccca071c9e8401fc7a213ed49.tar.gz vcxsrv-d47db8d4713de42ccca071c9e8401fc7a213ed49.tar.bz2 vcxsrv-d47db8d4713de42ccca071c9e8401fc7a213ed49.zip