kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix the alias checks in dtls_record.c.

Browse Source 
I forgot to save this file.

Change-Id: I8540839fac2a7f426aebd7f2cb85baba337efd37
Reviewed-on: https://boringssl-review.googlesource.com/8234
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-06-09 16:38:00 -04:00 committed by Adam Langley
parent bf1905a910
commit 95d7a498cc
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ssl/dtls_record.c
View File

@ -118,6 +118,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include "internal.h" #include "internal.h"
#include "../crypto/internal.h"
/* to_u64_be treats |in| as a 8-byte big-endian integer and returns the value as /* to_u64_be treats |in| as a 8-byte big-endian integer and returns the value as
@ -251,6 +252,11 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type, CBS *out,
int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
uint8_t type, const uint8_t *in, size_t in_len, uint8_t type, const uint8_t *in, size_t in_len,
enum dtls1_use_epoch_t use_epoch) { enum dtls1_use_epoch_t use_epoch) {
if (buffers_alias(in, in_len, out, max_out)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
return 0;
}
/* Determine the parameters for the current epoch. */ /* Determine the parameters for the current epoch. */
uint16_t epoch = ssl->d1->w_epoch; uint16_t epoch = ssl->d1->w_epoch;
SSL_AEAD_CTX *aead = ssl->s3->aead_write_ctx; SSL_AEAD_CTX *aead = ssl->s3->aead_write_ctx;
@ -268,12 +274,6 @@ int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL); OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
return 0; return 0;
} }
/* Check the record header does not alias any part of the input.
* |SSL_AEAD_CTX_seal| will internally enforce other aliasing requirements. */
if (in < out + DTLS1_RT_HEADER_LENGTH && out < in + in_len) {
OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
return 0;
}
out[0] = type; out[0] = type;