Added error checking for len argument in cbs_get_u().

author doug <doug@openbsd.org>

Wed, 29 Apr 2015 01:23:20 +0000 (01:23 +0000)

committer doug <doug@openbsd.org>

Wed, 29 Apr 2015 01:23:20 +0000 (01:23 +0000)
author doug <doug@openbsd.org>
Wed, 29 Apr 2015 01:23:20 +0000 (01:23 +0000)
committer doug <doug@openbsd.org>
Wed, 29 Apr 2015 01:23:20 +0000 (01:23 +0000)
diff --git a/lib/libssl/bs_cbs.c b/lib/libssl/bs_cbs.c

index 25305b9..fc2eaff 100644 (file)
--- a/lib/libssl/bs_cbs.c
+++ b/lib/libssl/bs_cbs.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: bs_cbs.c,v 1.4 2015/04/29 01:16:06 doug Exp $ */
+/*     $OpenBSD: bs_cbs.c,v 1.5 2015/04/29 01:23:20 doug Exp $ */
  /*
   * Copyright (c) 2014, Google Inc.
   *
@@ -110,6 +110,9 @@ cbs_get_u(CBS *cbs, uint32_t *out, size_t len)
         size_t i;
         const uint8_t *data;
  
+       if (len < 1 || len > 4)
+               return 0;
+
         if (!cbs_get(cbs, &data, len))
                 return 0;
  
diff --git a/lib/libssl/src/ssl/bs_cbs.c b/lib/libssl/src/ssl/bs_cbs.c

index 25305b9..fc2eaff 100644 (file)
--- a/lib/libssl/src/ssl/bs_cbs.c
+++ b/lib/libssl/src/ssl/bs_cbs.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: bs_cbs.c,v 1.4 2015/04/29 01:16:06 doug Exp $ */
+/*     $OpenBSD: bs_cbs.c,v 1.5 2015/04/29 01:23:20 doug Exp $ */
  /*
   * Copyright (c) 2014, Google Inc.
   *
@@ -110,6 +110,9 @@ cbs_get_u(CBS *cbs, uint32_t *out, size_t len)
         size_t i;
         const uint8_t *data;
  
+       if (len < 1 || len > 4)
+               return 0;
+
         if (!cbs_get(cbs, &data, len))
                 return 0;
author	doug <doug@openbsd.org>
	Wed, 29 Apr 2015 01:23:20 +0000 (01:23 +0000)
committer	doug <doug@openbsd.org>
	Wed, 29 Apr 2015 01:23:20 +0000 (01:23 +0000)
lib/libssl/bs_cbs.c		patch \| blob \| history
lib/libssl/src/ssl/bs_cbs.c		patch \| blob \| history