Commit e704d91d authored by Bernd Edlinger, committed by Andy Polyakov

Don't access memory before checking the correct length in...


Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3025)
parent f49cf4af
+3 −1
@@ -825,11 +825,13 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
    case EVP_CTRL_AEAD_TLS1_AAD:
        {
            unsigned char *p = ptr;
            unsigned int len = p[arg - 2] << 8 | p[arg - 1];
            unsigned int len;

            if (arg != EVP_AEAD_TLS1_AAD_LEN)
                return -1;

            len = p[arg - 2] << 8 | p[arg - 1];

            if (ctx->encrypt) {
                key->payload_length = len;
                if ((key->aux.tls_ver =
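Review bot: the new `if (arg != EVP_AEAD_TLS1_AAD_LEN)` check is the only thing that makes the reads `p[arg - 2]` and `p[arg - 1]` safe, and nothing in the code says so. A one-line comment above the check, stating that the AAD must be exactly EVP_AEAD_TLS1_AAD_LEN bytes before its last two bytes are read as the length, would keep a later cleanup from folding the read back into the declaration of `len`. Once the check has passed, `arg` is known to equal the constant, so the indexes could also be written as `p[EVP_AEAD_TLS1_AAD_LEN - 2]` and `p[EVP_AEAD_TLS1_AAD_LEN - 1]`, which makes the dependency visible at the point of the read. A regression test that calls this ctrl with a short `arg` and expects -1 would cover the case.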