commit | 8648f04e47986d8bf2679dc24ad144b779e9950d | [log] [tgz] |
---|---|---|
author | Paul Bakker <p.j.bakker@polarssl.org> | Wed Sep 11 13:16:28 2013 +0200 |
committer | Paul Bakker <p.j.bakker@polarssl.org> | Wed Sep 11 13:16:28 2013 +0200 |
tree | 966dd659be49d9f34014c6152d01b013d43a0e29 | |
parent | 3f5b7536546e99595c05d803b56a64c60ef0f0e4 [diff] [blame] |
Potential buffer-overflow for ssl_read_record()
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 27f2172..a5d1cb1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1159,7 +1159,7 @@
 /*
 * TLS encrypted messages can have up to 256 bytes of padding
 */
- if( ssl->minor_ver == SSL_MINOR_VERSION_1 &&
+ if( ssl->minor_ver >= SSL_MINOR_VERSION_1 &&
 ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN + 256 )
 {
 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
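Review bot: The limit `ssl->minlen + SSL_MAX_CONTENT_LEN + 256` in the changed condition is not visibly tied to the size of the buffer that `ssl->in_msglen` bytes are read into, so a reader cannot confirm from this hunk that a record passing the check always fits. Since the commit treats this as a potential overflow in ssl_read_record(), I would extend the comment above the check, e.g. `* TLS 1.0 and later allow up to 256 bytes of padding; this bound must not exceed the input buffer size`, and presumably back it with a compile-time check against the buffer-size constant defined elsewhere. A regression test that feeds an over-length record with TLS 1.1 and TLS 1.2 negotiated would keep the `>=` from regressing to a single-version comparison. The enclosing function starts and ends outside the hunk, so the SSL 3.0 branch and the read itself could not be reviewed here.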