safety check to ensure we dont send out beyond the users buffer
This commit is contained in:
Tim Hudson
Matt Caswell
parent
d61be85581
commit
4d8cca8a7e
1 changed files with 16 additions and 0 deletions
16
ssl/s3_pkt.c
16
ssl/s3_pkt.c
|
|
@ -598,6 +598,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
|
|||
}
|
||||
}
|
||||
|
||||
/* ensure that if we end up with a smaller value of data to write
|
||||
* out than the the original len from a write which didn't complete
|
||||
* for non-blocking I/O and also somehow ended up avoiding
|
||||
* the check for this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as
|
||||
* it must never be possible to end up with (len-tot) as a large
|
||||
* number that will then promptly send beyond the end of the users
|
||||
* buffer ... so we trap and report the error in a way the user
|
||||
* will notice
|
||||
*/
|
||||
if ( len < tot)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH);
|
||||
return(-1);
|
||||
}
|
||||
|
||||
|
||||
n=(len-tot);
|
||||
for (;;)
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in a new issue