Commit 1e16987f authored by Matt Caswell

Avoid an overflow in constructing the ServerKeyExchange message



We calculate the size required for the ServerKeyExchange message and then
call BUF_MEM_grow_clean() on the buffer. However we fail to take account of
2 bytes required for the signature algorithm and 2 bytes for the signature
length, i.e. we could overflow by 4 bytes. In reality this won't happen
because the buffer is pre-allocated to a large size that means it should be
big enough anyway.

Addresses an OCAP Audit issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
parent 43cb3090
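
The size accounting described in the commit message, as an added example that is not OpenSSL's code and not part of this commit. All function names are hypothetical, the sample bytes are constructed, and the layout assumed is params, then a 2-byte signature algorithm, a 2-byte signature length, and the signature.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SIGALG_LEN 2 /* signature algorithm field */
#define SIGLEN_LEN 2 /* 16-bit signature length prefix */

/* Size as the commit message describes the bug: the two header fields are omitted. */
size_t ske_size_short(size_t params_len, size_t sig_len) {
    return params_len + sig_len;
}

/* Size with the 4 header bytes counted. */
size_t ske_size_full(size_t params_len, size_t sig_len) {
    return params_len + SIGALG_LEN + SIGLEN_LEN + sig_len;
}

/* Bounds-checked append: refuses to write past cap instead of overflowing. */
static int put(uint8_t *buf, size_t cap, size_t *off, const void *src, size_t n) {
    if (n > cap - *off) return 0; /* off never exceeds cap, so no wraparound */
    memcpy(buf + *off, src, n);
    *off += n;
    return 1;
}

/* Writes params || sigalg || siglen || sig. Returns bytes written, 0 if cap is too small. */
size_t ske_write(uint8_t *buf, size_t cap, const uint8_t *params, size_t params_len,
                 const uint8_t sigalg[2], const uint8_t *sig, size_t sig_len) {
    size_t off = 0;
    uint8_t len16[2];
    if (sig_len > 0xFFFF) return 0; /* must fit the 16-bit length field */
    len16[0] = (uint8_t)(sig_len >> 8);
    len16[1] = (uint8_t)(sig_len & 0xFF);
    if (!put(buf, cap, &off, params, params_len) ||
        !put(buf, cap, &off, sigalg, SIGALG_LEN) ||
        !put(buf, cap, &off, len16, SIGLEN_LEN) ||
        !put(buf, cap, &off, sig, sig_len))
        return 0;
    return off;
}

/* Constructed sample: 8-byte params and a 16-byte signature written with capacity cap. */
size_t ske_demo(size_t cap) {
    uint8_t buf[64], params[8] = {0}, sig[16] = {0};
    const uint8_t sigalg[2] = {0x04, 0x01}; /* TLS 1.2 codes: sha256, rsa */
    return cap <= sizeof(buf) ? ske_write(buf, cap, params, 8, sigalg, sig, 16) : 0;
}
```

With a capacity taken from `ske_size_short` the checked writer stops at the signature, which is where an unchecked writer would run 4 bytes past the requested size.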