提交 c388d8b4 编写于 作者: T Tim Hudson 提交者: Matt Caswell

safety check to ensure we dont send out beyond the users buffer

上级 c4afc40a
......@@ -816,6 +816,21 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
return tot;
}
/* ensure that if we end up with a smaller value of data to write
* out than the the original len from a write which didn't complete
* for non-blocking I/O and also somehow ended up avoiding
* the check for this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as
* it must never be possible to end up with (len-tot) as a large
* number that will then promptly send beyond the end of the users
* buffer ... so we trap and report the error in a way the user
* will notice
*/
if ( len < tot)
{
SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH);
return(-1);
}
n=(len-tot);
for (;;)
{
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册