mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
Sanity check cookie_len
Add a sanity check that the cookie_len returned by app_gen_cookie_cb is valid. Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
parent
468f043ece
commit
373dc6e196
@ -754,7 +754,8 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
|
||||
|
||||
/* Generate the cookie */
|
||||
if (s->ctx->app_gen_cookie_cb == NULL ||
|
||||
s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0) {
|
||||
s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
|
||||
cookielen > 255) {
|
||||
SSLerr(SSL_F_DTLS1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
|
||||
/* This is fatal */
|
||||
return -1;
|
||||
|
@ -888,9 +888,10 @@ int dtls1_send_hello_verify_request(SSL *s)
|
||||
|
||||
if (s->ctx->app_gen_cookie_cb == NULL ||
|
||||
s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
|
||||
&(s->d1->cookie_len)) == 0) {
|
||||
&(s->d1->cookie_len)) == 0 ||
|
||||
s->d1->cookie_len > 255) {
|
||||
SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
|
||||
s->state = SSL_ST_ERR;
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user