Resize a local buffer to accomodate the size requirements of AES.

Protect against future mistakes with an assert().

Resize a local buffer to accomodate the size requirements of AES.
Protect against future mistakes with an assert().
42748c08 · Richard Levitte · 77dd9c18 · 42748c08
隐藏空白更改
内联并排

Showing with 5 addition and 1 deletion

ssl/s3_enc.c ssl/s3_enc.c +5 -1

未找到文件。
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -57,6 +57,7 @@
 */
 #include <stdio.h>
+#include <assert.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
 #include <openssl/evp.h>
@@ -85,7 +86,7 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	{
 	MD5_CTX m5;
 	SHA_CTX s1;
-	unsigned char buf[8],smd[SHA_DIGEST_LENGTH];
+	unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
 	unsigned char c='A';
 	int i,j,k;
@@ -96,6 +97,9 @@ static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
 		{
 		k++;
+		/* If this assert is triggered, it means buf needs to be
+		   resized.  This should never be triggered in a release. */
+		assert(k <= sizeof(buf));
 		for (j=0; j<k; j++)
 			buf[j]=c;
 		c++;