safety check to ensure we dont send out beyond the users buffer
(Imported from upstream's 011ee91105f00cb2465110ce6431b11b51556d08 and f2ebe2a60eacf3e348898175be82971b57d72327)
This commit is contained in:
Adam Langley
parent
f77452c572
commit
9611cfcb9f
15
ssl/s3_pkt.c
15
ssl/s3_pkt.c
@ -590,6 +590,21 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* ensure that if we end up with a smaller value of data to write
|
||||||
|
* out than the the original len from a write which didn't complete
|
||||||
|
* for non-blocking I/O and also somehow ended up avoiding
|
||||||
|
* the check for this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as
|
||||||
|
* it must never be possible to end up with (len-tot) as a large
|
||||||
|
* number that will then promptly send beyond the end of the users
|
||||||
|
* buffer ... so we trap and report the error in a way the user
|
||||||
|
* will notice
|
||||||
|
*/
|
||||||
|
if ( len < tot)
|
||||||
|
{
|
||||||
|
OPENSSL_PUT_ERROR(SSL, ssl3_write_bytes, SSL_R_BAD_LENGTH);
|
||||||
|
return(-1);
|
||||||
|
}
|
||||||
|
|
||||||
n=(len-tot);
|
n=(len-tot);
|
||||||
for (;;)
|
for (;;)
|
||||||
{
|
{
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user