Import patch for yassl 1.35

 - Better check of required buffer size when processing incoming record headers
parent 16a31b39
yaSSL Release notes, version 1.3.0 (04/26/06) yaSSL Release notes, version 1.3.5 (06/01/06)
This release of yaSSL contains bug fixes, portability enhancements,
better libcurl support, and improved non-blocking I/O.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0.
********************yaSSL Release notes, version 1.3.0 (04/26/06)
This release of yaSSL contains minor bug fixes, portability enhancements, This release of yaSSL contains minor bug fixes, portability enhancements,
...@@ -17,8 +27,8 @@ See normal build instructions below under 1.0.6. ...@@ -17,8 +27,8 @@ See normal build instructions below under 1.0.6.
make make
make openssl-links make openssl-links
(then go to your libcurl home and tell libcurl about yaSSL) (then go to your libcurl home and tell libcurl about yaSSL build dir)
./configure --with-ssl=/yaSSL-HomeDir ./configure --with-ssl=/yaSSL-BuildDir LDFLAGS=-lm
make make
......
/* engine.h for libcurl */
#undef HAVE_OPENSSL_ENGINE_H
/* pkcs12.h for libcurl */
#undef HAVE_OPENSSL_PKCS12_H
...@@ -458,6 +458,11 @@ void ProcessOldClientHello(input_buffer& input, SSL& ssl) ...@@ -458,6 +458,11 @@ void ProcessOldClientHello(input_buffer& input, SSL& ssl)
uint16 sz = ((b0 & 0x7f) << 8) | b1; uint16 sz = ((b0 & 0x7f) << 8) | b1;
if (sz > input.get_remaining()) {
ssl.SetError(bad_input);
return;
}
// hashHandShake manually // hashHandShake manually
const opaque* buffer = input.get_buffer() + input.get_current(); const opaque* buffer = input.get_buffer() + input.get_current();
ssl.useHashes().use_MD5().update(buffer, sz); ssl.useHashes().use_MD5().update(buffer, sz);
...@@ -681,25 +686,38 @@ DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered) ...@@ -681,25 +686,38 @@ DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered)
// old style sslv2 client hello? // old style sslv2 client hello?
if (ssl.getSecurity().get_parms().entity_ == server_end && if (ssl.getSecurity().get_parms().entity_ == server_end &&
ssl.getStates().getServer() == clientNull) ssl.getStates().getServer() == clientNull)
if (buffer.peek() != handshake) if (buffer.peek() != handshake) {
ProcessOldClientHello(buffer, ssl); ProcessOldClientHello(buffer, ssl);
if (ssl.GetError()) {
buffered.reset(0);
return buffered;
}
}
while(!buffer.eof()) { while(!buffer.eof()) {
// each record // each record
RecordLayerHeader hdr; RecordLayerHeader hdr;
bool needHdr = false;
if (static_cast<uint>(RECORD_HEADER) > buffer.get_remaining())
needHdr = true;
else {
buffer >> hdr; buffer >> hdr;
ssl.verifyState(hdr); ssl.verifyState(hdr);
}
// make sure we have enough input in buffer to process this record // make sure we have enough input in buffer to process this record
if (hdr.length_ > buffer.get_remaining()) { if (needHdr || hdr.length_ > buffer.get_remaining()) {
uint sz = buffer.get_remaining() + RECORD_HEADER; // put header in front for next time processing
uint extra = needHdr ? 0 : RECORD_HEADER;
uint sz = buffer.get_remaining() + extra;
buffered.reset(NEW_YS input_buffer(sz, buffer.get_buffer() + buffered.reset(NEW_YS input_buffer(sz, buffer.get_buffer() +
buffer.get_current() - RECORD_HEADER, sz)); buffer.get_current() - extra, sz));
break; break;
} }
while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) { while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) {
// each message in record // each message in record, can be more than 1 if not encrypted
if (ssl.getSecurity().get_parms().pending_ == false) // cipher on if (ssl.getSecurity().get_parms().pending_ == false) // cipher on
decrypt_message(ssl, buffer, hdr.length_); decrypt_message(ssl, buffer, hdr.length_);
mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_), ysDelete); mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_), ysDelete);
...@@ -717,7 +735,7 @@ DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered) ...@@ -717,7 +735,7 @@ DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered)
} }
offset += hdr.length_ + RECORD_HEADER; offset += hdr.length_ + RECORD_HEADER;
} }
return buffered; // done, don't call again return buffered;
} }
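Review bot: In the DoProcessReply record loop, the outcome of `ssl.verifyState(hdr)` is not checked before `hdr.length_` is used to choose between buffering and processing, although this same commit checks `ssl.GetError()` right after `ProcessOldClientHello`. If verifyState reports a rejected header through the SSL error state (its body is not shown here, so this is an assumption), a record with an invalid type or version would still be buffered or passed to `decrypt_message` with its peer-supplied length. Adding `if (ssl.GetError()) { buffered.reset(0); return buffered; }` directly after the `else { buffer >> hdr; ssl.verifyState(hdr); }` block would make the two paths consistent. DoProcessReply begins above the visible hunks, so an existing check elsewhere in the function cannot be ruled out. Separately, the new `sz > input.get_remaining()` guard in ProcessOldClientHello bounds only the outer record length, and the rest of that function is outside the hunk, so any inner length fields it parses would need their own checks against `sz`.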
......