Commit 9bcd212d authored by unknown's avatar unknown

Import patch for yassl 1.35

 - Better check of required buffer size when processing incoming record headers


extra/yassl/README:
  Import patch yassl.diff
extra/yassl/src/handshake.cpp:
  Import patch yassl.diff
extra/yassl/include/openssl/engine.h:
  Import patch yassl.diff
extra/yassl/include/openssl/pkcs12.h:
  Import patch yassl.diff
parent df242564
yaSSL Release notes, version 1.3.0 (04/26/06)
yaSSL Release notes, version 1.3.5 (06/01/06)
This release of yaSSL contains bug fixes, portability enhancements,
better libcurl support, and improved non-blocking I/O.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0.
********************yaSSL Release notes, version 1.3.0 (04/26/06)
This release of yaSSL contains minor bug fixes, portability enhancements,
......@@ -17,8 +27,8 @@ See normal build instructions below under 1.0.6.
make
make openssl-links
(then go to your libcurl home and tell libcurl about yaSSL)
./configure --with-ssl=/yaSSL-HomeDir
(then go to your libcurl home and tell libcurl about yaSSL build dir)
./configure --with-ssl=/yaSSL-BuildDir LDFLAGS=-lm
make
......
/* engine.h for libcurl */
#undef HAVE_OPENSSL_ENGINE_H
/* pkcs12.h for libcurl */
#undef HAVE_OPENSSL_PKCS12_H
......@@ -458,6 +458,11 @@ void ProcessOldClientHello(input_buffer& input, SSL& ssl)
uint16 sz = ((b0 & 0x7f) << 8) | b1;
if (sz > input.get_remaining()) {
ssl.SetError(bad_input);
return;
}
// hashHandShake manually
const opaque* buffer = input.get_buffer() + input.get_current();
ssl.useHashes().use_MD5().update(buffer, sz);
......@@ -681,25 +686,38 @@ DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered)
// old style sslv2 client hello?
if (ssl.getSecurity().get_parms().entity_ == server_end &&
ssl.getStates().getServer() == clientNull)
if (buffer.peek() != handshake)
if (buffer.peek() != handshake) {
ProcessOldClientHello(buffer, ssl);
if (ssl.GetError()) {
buffered.reset(0);
return buffered;
}
}
while(!buffer.eof()) {
// each record
RecordLayerHeader hdr;
bool needHdr = false;
if (static_cast<uint>(RECORD_HEADER) > buffer.get_remaining())
needHdr = true;
else {
buffer >> hdr;
ssl.verifyState(hdr);
}
// make sure we have enough input in buffer to process this record
if (hdr.length_ > buffer.get_remaining()) {
uint sz = buffer.get_remaining() + RECORD_HEADER;
if (needHdr || hdr.length_ > buffer.get_remaining()) {
// put header in front for next time processing
uint extra = needHdr ? 0 : RECORD_HEADER;
uint sz = buffer.get_remaining() + extra;
buffered.reset(NEW_YS input_buffer(sz, buffer.get_buffer() +
buffer.get_current() - RECORD_HEADER, sz));
buffer.get_current() - extra, sz));
break;
}
while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) {
// each message in record
// each message in record, can be more than 1 if not encrypted
if (ssl.getSecurity().get_parms().pending_ == false) // cipher on
decrypt_message(ssl, buffer, hdr.length_);
mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_), ysDelete);
......@@ -717,7 +735,7 @@ DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered)
}
offset += hdr.length_ + RECORD_HEADER;
}
return buffered; // done, don't call again
return buffered;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment