aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/t1_lib.c
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2014-06-26 09:35:54 +0200
committermarha <marha@users.sourceforge.net>2014-06-26 09:35:54 +0200
commitd47db8d4713de42ccca071c9e8401fc7a213ed49 (patch)
tree7189b3c025315c514ae9d2835810b94d0e4e0e01 /openssl/ssl/t1_lib.c
parent880395e8c3f451bf34b96da76fcee133b356e966 (diff)
parentc30d5eefc96925b4bef781806c7a0114eca1b8e0 (diff)
downloadvcxsrv-d47db8d4713de42ccca071c9e8401fc7a213ed49.tar.gz
vcxsrv-d47db8d4713de42ccca071c9e8401fc7a213ed49.tar.bz2
vcxsrv-d47db8d4713de42ccca071c9e8401fc7a213ed49.zip
Merge remote-tracking branch 'origin/released'
* origin/released: Opdated to openssl-1.0.1h xkeyboard-config fontconfig libX11 libxcb xcb-proto mesa xserver git update 26 June 2014 Conflicts: openssl/Makefile
Diffstat (limited to 'openssl/ssl/t1_lib.c')
-rw-r--r--openssl/ssl/t1_lib.c45
1 files changed, 24 insertions, 21 deletions
diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c
index bddffd92c..3b8d5153e 100644
--- a/openssl/ssl/t1_lib.c
+++ b/openssl/ssl/t1_lib.c
@@ -617,6 +617,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
#ifndef OPENSSL_NO_HEARTBEATS
/* Add Heartbeat extension */
+ if ((limit - ret - 4 - 1) < 0)
+ return NULL;
s2n(TLSEXT_TYPE_heartbeat,ret);
s2n(1,ret);
/* Set mode:
@@ -661,36 +663,35 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
ret += el;
}
#endif
-
-#ifdef TLSEXT_TYPE_padding
/* Add padding to workaround bugs in F5 terminators.
* See https://tools.ietf.org/html/draft-agl-tls-padding-03
*
* NB: because this code works out the length of all existing
* extensions it MUST always appear last.
*/
- {
- int hlen = ret - (unsigned char *)s->init_buf->data;
- /* The code in s23_clnt.c to build ClientHello messages includes the
- * 5-byte record header in the buffer, while the code in s3_clnt.c does
- * not. */
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
- hlen -= 5;
- if (hlen > 0xff && hlen < 0x200)
+ if (s->options & SSL_OP_TLSEXT_PADDING)
{
- hlen = 0x200 - hlen;
- if (hlen >= 4)
- hlen -= 4;
- else
- hlen = 0;
+ int hlen = ret - (unsigned char *)s->init_buf->data;
+ /* The code in s23_clnt.c to build ClientHello messages
+ * includes the 5-byte record header in the buffer, while
+ * the code in s3_clnt.c does not.
+ */
+ if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+ hlen -= 5;
+ if (hlen > 0xff && hlen < 0x200)
+ {
+ hlen = 0x200 - hlen;
+ if (hlen >= 4)
+ hlen -= 4;
+ else
+ hlen = 0;
- s2n(TLSEXT_TYPE_padding, ret);
- s2n(hlen, ret);
- memset(ret, 0, hlen);
- ret += hlen;
+ s2n(TLSEXT_TYPE_padding, ret);
+ s2n(hlen, ret);
+ memset(ret, 0, hlen);
+ ret += hlen;
+ }
}
- }
-#endif
if ((extdatalen = ret-p-2)== 0)
return p;
@@ -845,6 +846,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
/* Add Heartbeat extension if we've received one */
if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)
{
+ if ((limit - ret - 4 - 1) < 0)
+ return NULL;
s2n(TLSEXT_TYPE_heartbeat,ret);
s2n(1,ret);
/* Set mode: