diff options
| author | marha <marha@users.sourceforge.net> | 2014-06-26 09:30:29 +0200 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2014-06-26 09:30:29 +0200 |
| commit | c30d5eefc96925b4bef781806c7a0114eca1b8e0 (patch) | |
| tree | 420bb99ba463e5df728e71214ea6aaed0ad18fcb /openssl/ssl/t1_lib.c | |
| parent | d435b20322433b335a4fc5693cce0399a3f27b2d (diff) | |
| download | vcxsrv-c30d5eefc96925b4bef781806c7a0114eca1b8e0.tar.gz vcxsrv-c30d5eefc96925b4bef781806c7a0114eca1b8e0.tar.bz2 vcxsrv-c30d5eefc96925b4bef781806c7a0114eca1b8e0.zip | |
Opdated to openssl-1.0.1h
xkeyboard-config fontconfig libX11 libxcb xcb-proto mesa xserver git update 26 June 2014
xserver commit a3b44ad8db1fa2f3b81c1ff9498f31c5323edd37
libxcb commit 125135452a554e89e49448e2c1ee6658324e1095
libxcb/xcb-proto commit 84bfd909bc3774a459b11614cfebeaa584a1eb38
xkeyboard-config commit 39a226707b133ab5540c2d30176cb3857e74dcca
libX11 commit a4679baaa18142576d42d423afe816447f08336c
fontconfig commit 274f2181f294af2eff3e8db106ec8d7bab2d3ff1
mesa commit 9a8acafa47558cafeb37f80f4b30061ac1962c69
Diffstat (limited to 'openssl/ssl/t1_lib.c')
| -rw-r--r-- | openssl/ssl/t1_lib.c | 45 |
1 files changed, 24 insertions, 21 deletions
diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c index bddffd92c..3b8d5153e 100644 --- a/openssl/ssl/t1_lib.c +++ b/openssl/ssl/t1_lib.c @@ -617,6 +617,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha #ifndef OPENSSL_NO_HEARTBEATS /* Add Heartbeat extension */ + if ((limit - ret - 4 - 1) < 0) + return NULL; s2n(TLSEXT_TYPE_heartbeat,ret); s2n(1,ret); /* Set mode: @@ -661,36 +663,35 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha ret += el; } #endif - -#ifdef TLSEXT_TYPE_padding /* Add padding to workaround bugs in F5 terminators. * See https://tools.ietf.org/html/draft-agl-tls-padding-03 * * NB: because this code works out the length of all existing * extensions it MUST always appear last. */ - { - int hlen = ret - (unsigned char *)s->init_buf->data; - /* The code in s23_clnt.c to build ClientHello messages includes the - * 5-byte record header in the buffer, while the code in s3_clnt.c does - * not. */ - if (s->state == SSL23_ST_CW_CLNT_HELLO_A) - hlen -= 5; - if (hlen > 0xff && hlen < 0x200) + if (s->options & SSL_OP_TLSEXT_PADDING) { - hlen = 0x200 - hlen; - if (hlen >= 4) - hlen -= 4; - else - hlen = 0; + int hlen = ret - (unsigned char *)s->init_buf->data; + /* The code in s23_clnt.c to build ClientHello messages + * includes the 5-byte record header in the buffer, while + * the code in s3_clnt.c does not. + */ + if (s->state == SSL23_ST_CW_CLNT_HELLO_A) + hlen -= 5; + if (hlen > 0xff && hlen < 0x200) + { + hlen = 0x200 - hlen; + if (hlen >= 4) + hlen -= 4; + else + hlen = 0; - s2n(TLSEXT_TYPE_padding, ret); - s2n(hlen, ret); - memset(ret, 0, hlen); - ret += hlen; + s2n(TLSEXT_TYPE_padding, ret); + s2n(hlen, ret); + memset(ret, 0, hlen); + ret += hlen; + } } - } -#endif if ((extdatalen = ret-p-2)== 0) return p; @@ -845,6 +846,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha /* Add Heartbeat extension if we've received one */ if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) { + if ((limit - ret - 4 - 1) < 0) + return NULL; s2n(TLSEXT_TYPE_heartbeat,ret); s2n(1,ret); /* Set mode: |