Update OpenSSL from 1.0.1h to 1.0.1i

author: Mike DePaulo <mikedep333@gmail.com> 2014-09-01 17:44:28 -0400
committer: Mike DePaulo <mikedep333@gmail.com> 2014-09-01 17:44:28 -0400
commit: f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21 (patch)
tree: fd03f01d13342419f0ebaf53daa0161a072a8d62 /openssl/ssl/s3_srvr.c
parent: cf84b2dc07ef59c1adb4fe29789c7dbbbd35fbb4 (diff)
download: vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.gz
vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.bz2
vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c
index 503bed3fe..286750128 100644
--- a/openssl/ssl/s3_srvr.c
+++ b/openssl/ssl/s3_srvr.c
@@ -2795,6 +2795,13 @@ int ssl3_get_client_key_exchange(SSL *s)
 				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB);
 				goto err;
 				}
+			if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
+				|| BN_is_zero(s->srp_ctx.A))
+				{
+				al=SSL_AD_ILLEGAL_PARAMETER;
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS);
+				goto f_err;
+				}
 			if (s->session->srp_username != NULL)
 				OPENSSL_free(s->session->srp_username);
 			s->session->srp_username = BUF_strdup(s->srp_ctx.login);
@@ -2918,7 +2925,7 @@ int ssl3_get_cert_verify(SSL *s)
 		SSL3_ST_SR_CERT_VRFY_A,
 		SSL3_ST_SR_CERT_VRFY_B,
 		-1,
-		516, /* Enough for 4096 bit RSA key with TLS v1.2 */
+		SSL3_RT_MAX_PLAIN_LENGTH,
 		&ok);
 
 	if (!ok) return((int)n);
author	Mike DePaulo <mikedep333@gmail.com>	2014-09-01 17:44:28 -0400
committer	Mike DePaulo <mikedep333@gmail.com>	2014-09-01 17:44:28 -0400
commit	f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21 (patch)
tree	fd03f01d13342419f0ebaf53daa0161a072a8d62 /openssl/ssl/s3_srvr.c
parent	cf84b2dc07ef59c1adb4fe29789c7dbbbd35fbb4 (diff)
download	vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.gz vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.bz2 vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.zip