Skip to content
Commit 77857ddc authored by Matt Caswell's avatar Matt Caswell
Browse files

Avoid an overflow in constructing the ServerKeyExchange message



We calculate the size required for the ServerKeyExchange message and then
call BUF_MEM_grow_clean() on the buffer. However we fail to take account of
2 bytes required for the signature algorithm and 2 bytes for the signature
length, i.e. we could overflow by 4 bytes. In reality this won't happen
because the buffer is pre-allocated to a large size that means it should be
big enough anyway.

Addresses an OCAP Audit issue.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent cbffd2d9
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment