safety check to ensure we dont send out beyond the users buffer

This commit is contained in:
Tim Hudson 2014-05-11 13:29:59 +01:00 committed by Matt Caswell
parent c3cd9be01f
commit 0552cbcdaa

View file

@ -597,6 +597,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
}
}
/* ensure that if we end up with a smaller value of data to write
* out than the the original len from a write which didn't complete
* for non-blocking I/O and also somehow ended up avoiding
* the check for this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as
* it must never be possible to end up with (len-tot) as a large
* number that will then promptly send beyond the end of the users
* buffer ... so we trap and report the error in a way the user
* will notice
*/
if ( len < tot)
{
SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH);
return(-1);
}
n=(len-tot);
for (;;)
{