Skip to content
Commit 592ac253 authored by Matt Caswell's avatar Matt Caswell
Browse files

Add sanity check in ssl3_cbc_digest_record



For SSLv3 the code assumes that |header_length| > |md_block_size|. Whilst
this is true for all SSLv3 ciphersuites, this fact is far from obvious by
looking at the code. If this were not the case then an integer overflow
would occur, leading to a subsequent buffer overflow. Therefore I have
added an explicit sanity check to ensure header_length is always valid.
Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
(cherry picked from commit 29b0a15a)
parent d8896822
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment