check to be added to make sure that len is
not less than tot.
-Original Message-
From: Matt Caswell via RT [mailto:r...@openssl.org]
Sent: 11 May 2014 18:17
To: Ajit Menon
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3320] Invalid large memory access in openssl due to a
bug
Hi,
This happens in the 0.9.8 branch for sure (even in the latest y version). Not
sure if it is there in 1.x versions.
The problem is with code in s3_pkt.c: the ssl3_write_bytes() function.
Within this function, there is a line, n=(len-tot). Here if 'len' is less than
'tot' then the result is a
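
The subtraction discussed in the message above, as an added example that is not part of the original thread and is not OpenSSL's code. It is a simplified model that assumes `len` is a signed int and `tot` and `n` are unsigned counters; the function names and sample values are hypothetical.

```c
#include <limits.h>
#include <stdio.h>

/*
 * Simplified model (assumption, not OpenSSL source):
 *   tot = bytes already written by an earlier, interrupted call
 *   len = length the caller passes when it retries the write
 * Function names are hypothetical.
 */

/* Unchecked form: n = (len - tot) with no validation. */
unsigned int remaining_unchecked(int len, unsigned int tot)
{
    /* When len < tot the unsigned result wraps around to a huge value. */
    return (unsigned int)len - tot;
}

/*
 * Checked form: make sure len is not less than tot before subtracting.
 * Returns the number of bytes still to write, or -1 for a bad length.
 */
long remaining_checked(int len, unsigned int tot)
{
    if (len < 0 || (unsigned int)len < tot)
        return -1;
    return (long)((unsigned int)len - tot);
}

int main(void)
{
    /* Constructed values: 100 bytes already sent, retry passes len = 60. */
    unsigned int bad = remaining_unchecked(60, 100);
    long rejected = remaining_checked(60, 100);
    long ok = remaining_checked(160, 100);

    printf("unchecked n      = %u\n", bad);
    printf("checked (60,100) = %ld\n", rejected);
    printf("checked (160,100)= %ld\n", ok);
    return 0;
}
```

A write loop that trusts the unchecked value as its remaining byte count would read far beyond the caller's buffer, which matches the "invalid large memory access" in the subject line.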