Add a length check in ssl_derive_keys()

commit: 7cfdcb8c7f8e8a0a39b7e90478f8870510fc3d1a [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Sat Jan 18 18:22:55 2014 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> Wed Jan 22 12:56:22 2014 +0100
tree: 868b4a1d7f740f64a0a8e3cc14ed888347da04cf
parent: 2f5217ea0221958e1c37390733c9dde421490553 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e738028..7c7adbc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -596,6 +596,12 @@
 #if defined(POLARSSL_SSL_PROTO_SSL3)
     if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
     {
+        if( transform->maclen > sizeof transform->mac_enc )
+        {
+            SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+            return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+        }
+
         memcpy( transform->mac_enc, mac_enc, transform->maclen );
         memcpy( transform->mac_dec, mac_dec, transform->maclen );
     }
commit	7cfdcb8c7f8e8a0a39b7e90478f8870510fc3d1a	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Sat Jan 18 18:22:55 2014 +0100
committer	Paul Bakker <p.j.bakker@polarssl.org>	Wed Jan 22 12:56:22 2014 +0100
tree	868b4a1d7f740f64a0a8e3cc14ed888347da04cf
parent	2f5217ea0221958e1c37390733c9dde421490553 [diff] [blame]