aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/s3_srvr.c
diff options
context:
space:
mode:
authorMike DePaulo <mikedep333@gmail.com>2014-09-01 17:44:28 -0400
committerMike DePaulo <mikedep333@gmail.com>2014-09-01 17:44:28 -0400
commitf13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21 (patch)
treefd03f01d13342419f0ebaf53daa0161a072a8d62 /openssl/ssl/s3_srvr.c
parentcf84b2dc07ef59c1adb4fe29789c7dbbbd35fbb4 (diff)
downloadvcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.gz
vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.tar.bz2
vcxsrv-f13663bcc1a0d7b86a29e52e0a0d5bd746bc4d21.zip
Update OpenSSL from 1.0.1h to 1.0.1i
Diffstat (limited to 'openssl/ssl/s3_srvr.c')
-rw-r--r--openssl/ssl/s3_srvr.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c
index 503bed3fe..286750128 100644
--- a/openssl/ssl/s3_srvr.c
+++ b/openssl/ssl/s3_srvr.c
@@ -2795,6 +2795,13 @@ int ssl3_get_client_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB);
goto err;
}
+ if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
+ || BN_is_zero(s->srp_ctx.A))
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS);
+ goto f_err;
+ }
if (s->session->srp_username != NULL)
OPENSSL_free(s->session->srp_username);
s->session->srp_username = BUF_strdup(s->srp_ctx.login);
@@ -2918,7 +2925,7 @@ int ssl3_get_cert_verify(SSL *s)
SSL3_ST_SR_CERT_VRFY_A,
SSL3_ST_SR_CERT_VRFY_B,
-1,
- 516, /* Enough for 4096 bit RSA key with TLS v1.2 */
+ SSL3_RT_MAX_PLAIN_LENGTH,
&ok);
if (!ok) return((int)n);