I think this is the right change. However, I see that there is another 
"len-tot" in the following conditional block

#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK

This is within the same function. I wonder whether that line is also prone to 
the same issue and needs the same check to be added to make sure that len is 
not less than tot.

-----Original Message-----
From: Matt Caswell via RT [mailto:r...@openssl.org] 
Sent: 11 May 2014 18:17
To: Ajit Menon
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3320] Invalid large memory access in openssl due to a 
bug on the client side 

I have committed Tim's fix for this:

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c388d8b40cb9a3cb67401455509c1497a1a1fcb4

Similar commits on the 1.0.2, 1.0.1, 1.0.0 and 0.9.8 branches.

For the master and 1.0.2 branches I think the check should actually be earlier 
in the function as there are other uses of tot, hence:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=971a7c5ff751d95bf33117e95a6acf2cfc951537

Setting to resolved.

Matt


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
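
The "len-tot" hazard discussed in this thread, as an added example that is not OpenSSL's code and not part of either message: assuming both values are unsigned, the subtraction wraps to a huge length when a caller retries with a len smaller than tot, and the guard rejects that case before the subtraction. The struct, function names, chunk size and scenario are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define SINK_CAP 64
#define CHUNK 8                 /* constructed: sink takes at most 8 bytes per call */

struct writer {                 /* hypothetical state, not an OpenSSL structure */
    size_t tot;                 /* bytes of the pending buffer already sent */
    unsigned char sink[SINK_CAP];
    size_t sink_len;
};

/* The bare subtraction: wraps to a huge value when len < tot. */
size_t remaining_unchecked(size_t len, size_t tot) { return len - tot; }

/* Returns bytes sent so far for this buffer (len when done), -1 on error. */
long write_resumable(struct writer *w, const unsigned char *buf, size_t len)
{
    if (len < w->tot)           /* retry shorter than what was already sent */
        return -1;
    size_t n = len - w->tot;    /* safe: guarded above */
    if (n > CHUNK) n = CHUNK;
    if (n > SINK_CAP - w->sink_len)
        return -1;              /* sink full */
    memcpy(w->sink + w->sink_len, buf + w->tot, n);
    w->sink_len += n;
    w->tot += n;
    long sent = (long)w->tot;
    if (w->tot == len) w->tot = 0;   /* buffer complete, reset for the next one */
    return sent;
}

/* Constructed scenario: a 20-byte write sends 8, then the caller retries with len 5. */
long demo_short_retry(void)
{
    struct writer w = {0};
    unsigned char msg[20];
    memset(msg, 'A', sizeof msg);
    if (write_resumable(&w, msg, sizeof msg) != 8)
        return -2;
    return write_resumable(&w, msg, 5);
}

int main(void)
{
    printf("unchecked 5-8 = %zu, guarded retry = %ld\n", remaining_unchecked(5, 8), demo_short_retry());
    return 0;
}
```

Placing the guard at the top of the function, before any use of tot, covers every later "len - tot" in the same function with one check.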
