Commit 02c0bb1f authored by Harin Vadodaria's avatar Harin Vadodaria

Bug#15965288: BUFFER OVERFLOW IN YASSL FUNCTION

              DOPROCESSREPLY()

Description: Merge from 5.1 to 5.5
parents 5f915465 82aa3857
...@@ -767,8 +767,14 @@ int DoProcessReply(SSL& ssl) ...@@ -767,8 +767,14 @@ int DoProcessReply(SSL& ssl)
while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) { while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) {
// each message in record, can be more than 1 if not encrypted // each message in record, can be more than 1 if not encrypted
if (ssl.getSecurity().get_parms().pending_ == false) // cipher on if (ssl.getSecurity().get_parms().pending_ == false) { // cipher on
// sanity check for malicious/corrupted/illegal input
if (buffer.get_remaining() < hdr.length_) {
ssl.SetError(bad_input);
return 0;
}
decrypt_message(ssl, buffer, hdr.length_); decrypt_message(ssl, buffer, hdr.length_);
}
mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_)); mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_));
if (!msg.get()) { if (!msg.get()) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment