diff options
author | Ben Laurie <ben@openssl.org> | 2002-11-13 15:43:43 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2002-11-13 15:43:43 +0000 |
commit | 54a656ef081f72a740c550ebd8099b40b8b5cde0 (patch) | |
tree | 9b3638b56848c7f0648b84cfa7ad056116b37a1b /ssl/ssl_lib.c | |
parent | 8f797f14b8ff7d3d5cb04443284259a0c94860b3 (diff) | |
download | openssl-54a656ef081f72a740c550ebd8099b40b8b5cde0.zip openssl-54a656ef081f72a740c550ebd8099b40b8b5cde0.tar.gz openssl-54a656ef081f72a740c550ebd8099b40b8b5cde0.tar.bz2 |
Security fixes brought forward from 0.9.7.
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 851155e..f411267 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -125,6 +125,7 @@ #include <openssl/objects.h> #include <openssl/lhash.h> #include <openssl/x509v3.h> +#include "cryptlib.h" const char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -277,6 +278,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->verify_mode=ctx->verify_mode; s->verify_depth=ctx->verify_depth; s->sid_ctx_length=ctx->sid_ctx_length; + OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); s->verify_callback=ctx->default_verify_callback; s->generate_session_id=ctx->generate_session_id; @@ -318,7 +320,7 @@ err: int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) + if(sid_ctx_len > sizeof ctx->sid_ctx) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; @@ -368,6 +370,10 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, * any new session built out of this id/id_len and the ssl_version in * use by this SSL. */ SSL_SESSION r, *p; + + if(id_len > sizeof r.session_id) + return 0; + r.ssl_version = ssl->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); |