A fantastic way to make a large unsigned number is to assign

a small signed one to it.. Some people on OpenSSL's list
noticed - http://marc.info/?l=openssl-dev&m=139809485525663&w=2

This should fix that, and make sure we don't try to write out insane
amounts of stuff.
ok miod@ tedu@

diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index 5ef25a4..2a88b14 100644 (file)
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -564,6 +564,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                }
        }
 
+       if (len < tot)
+               len = tot;
        n = (len - tot);
        for (;;) {
                if (n > s->max_send_fragment)

diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c
index 5ef25a4..2a88b14 100644 (file)
--- a/lib/libssl/src/ssl/s3_pkt.c
+++ b/lib/libssl/src/ssl/s3_pkt.c
@@ -564,6 +564,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                }
        }
 
+       if (len < tot)
+               len = tot;
        n = (len - tot);
        for (;;) {
                if (n > s->max_send_fragment)