Commit 75862f77 authored by Matt Caswell's avatar Matt Caswell

Sanity check the return from final_finish_mac



The return value is checked for 0. This is currently safe but we should
really check for <= 0 since -1 is frequently used for error conditions.
Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit c427570e)

Conflicts:
	ssl/ssl_locl.h
parent 99ceb2d4
+1 −1
@@ -168,7 +168,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
        i = s->method->ssl3_enc->final_finish_mac(s,
                                                  sender, slen,
                                                  s->s3->tmp.finish_md);
        if (i == 0)
        if (i <= 0)
            return 0;
        s->s3->tmp.finish_md_len = i;
        memcpy(p, s->s3->tmp.finish_md, i);
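Review bot: The failure branch `if (i <= 0) return 0;` returns without recording anything, so an error return from final_finish_mac leaves no trace unless the callee already queued one, which is not visible here. I would push an error through the file's existing error-reporting convention before the `return 0;`, and add a comment above the check such as `/* final_finish_mac returns the MAC length; <= 0 means failure */`. The guard also covers only the lower bound: a positive `i` is stored in `finish_md_len` and used as the `memcpy` length with no upper bound visible in this hunk, so it is worth confirming that `p` always has room for the largest value the callee can return. ssl3_send_finished starts and ends outside the hunk, and any other callers of final_finish_mac elsewhere in the tree presumably want the same `<= 0` treatment.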
+0 −1
@@ -1230,7 +1230,6 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);

int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
int dtls1_read_failed(SSL *s, int code);
int dtls1_buffer_message(SSL *s, int ccs);
int dtls1_retransmit_message(SSL *s, unsigned short seq,