kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't serialize negative times and timeouts.

Browse Source 
The values are long, so check for negative numbers.

Change-Id: I8fc7333edbed50dc058547a4b53bc10b234071b4
Reviewed-on: https://boringssl-review.googlesource.com/12100
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-11-02 23:05:14 -04:00 committed by Adam Langley
parent 11a7b3c2d9
commit 0f31ac7566
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ssl/ssl_asn1.c
View File

@ -197,6 +197,11 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
}
if (in->time != 0) {
if (in->time < 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
goto err;
}
if (!CBB_add_asn1(&session, &child, kTimeTag) ||
!CBB_add_asn1_uint64(&child, in->time)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
@ -205,6 +210,11 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
}
if (in->timeout != 0) {
if (in->timeout < 0) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
goto err;
}
if (!CBB_add_asn1(&session, &child, kTimeoutTag) ||
!CBB_add_asn1_uint64(&child, in->timeout)) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);