Upgrade openssl to version openssl-1.0.1i

author: marha <marha@users.sourceforge.net> 2014-09-02 18:24:12 +0200
committer: marha <marha@users.sourceforge.net> 2014-09-02 18:26:00 +0200
commit: 04168ae281bfbd714ddf6b90d98eac892508dde8 (patch)
tree: c2d7e42dede9c0b9930ce537eb7d804e45459e53 /openssl/ssl/s3_srvr.c
parent: e21655632e3fd40b7f6a5cc3c7f3c379d54557c4 (diff)
download: vcxsrv-04168ae281bfbd714ddf6b90d98eac892508dde8.tar.gz
vcxsrv-04168ae281bfbd714ddf6b90d98eac892508dde8.tar.bz2
vcxsrv-04168ae281bfbd714ddf6b90d98eac892508dde8.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c
index 503bed3fe..286750128 100644
--- a/openssl/ssl/s3_srvr.c
+++ b/openssl/ssl/s3_srvr.c
@@ -2795,6 +2795,13 @@ int ssl3_get_client_key_exchange(SSL *s)
 				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB);
 				goto err;
 				}
+			if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
+				|| BN_is_zero(s->srp_ctx.A))
+				{
+				al=SSL_AD_ILLEGAL_PARAMETER;
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS);
+				goto f_err;
+				}
 			if (s->session->srp_username != NULL)
 				OPENSSL_free(s->session->srp_username);
 			s->session->srp_username = BUF_strdup(s->srp_ctx.login);
@@ -2918,7 +2925,7 @@ int ssl3_get_cert_verify(SSL *s)
 		SSL3_ST_SR_CERT_VRFY_A,
 		SSL3_ST_SR_CERT_VRFY_B,
 		-1,
-		516, /* Enough for 4096 bit RSA key with TLS v1.2 */
+		SSL3_RT_MAX_PLAIN_LENGTH,
 		&ok);
 
 	if (!ok) return((int)n);
author	marha <marha@users.sourceforge.net>	2014-09-02 18:24:12 +0200
committer	marha <marha@users.sourceforge.net>	2014-09-02 18:26:00 +0200
commit	04168ae281bfbd714ddf6b90d98eac892508dde8 (patch)
tree	c2d7e42dede9c0b9930ce537eb7d804e45459e53 /openssl/ssl/s3_srvr.c
parent	e21655632e3fd40b7f6a5cc3c7f3c379d54557c4 (diff)
download	vcxsrv-04168ae281bfbd714ddf6b90d98eac892508dde8.tar.gz vcxsrv-04168ae281bfbd714ddf6b90d98eac892508dde8.tar.bz2 vcxsrv-04168ae281bfbd714ddf6b90d98eac892508dde8.zip