Fix unhandled error condition in sslv2 client hello parsing.

--strict-warnings started showing warnings for this today... Surely an error should be raised if these reads fail? Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>

Fix unhandled error condition in sslv2 client hello parsing.
--strict-warnings started showing warnings for this today... Surely an error should be raised if these reads fail? Reviewed-by: N Tim Hudson <tjh@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>
6c3cca57 · Adam Eijdenberg · e77bdc73 · 6c3cca57
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

ssl/s3_srvr.c ssl/s3_srvr.c +3 -0

未找到文件。
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1014,6 +1014,9 @@ int ssl3_get_client_hello(SSL *s)
        if (!PACKET_get_net_2(&pkt, &csl)
                || !PACKET_get_net_2(&pkt, &sil)
                || !PACKET_get_net_2(&pkt, &cl)) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+            al = SSL_AD_DECODE_ERROR;
+            goto f_err;
        }

        if (csl == 0) {