On 14 Apr 2014, at 08:33, Me <ugobejishv...@gmail.com> wrote:

> possible vulnerable file: openssl-1.0.1g/ssl/d1_clnt.c
> Line: 155 unsigned char sctpauthkey[64];
>
> Fixed-size arrays can be overflowed. To fix the problem, use functions that
> limit length, or ensure that the size is larger than the maximum possible
> length. It helps us avoid attacks like buffer overflow!

Hi,

as far as I read the code, the variable sctpauthkey is filled via

    SSL_export_keying_material(s, sctpauthkey, sizeof(sctpauthkey),
                               labelbuffer, sizeof(labelbuffer), NULL, 0, 0);

which only fills in sizeof(sctpauthkey) bytes. It is then used in

    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
             sizeof(sctpauthkey), sctpauthkey);

which is also fine, I think. The constant 64 comes from the second sentence in
https://tools.ietf.org/html/rfc6083#section-4.8

Please let me know how an overflow can happen.

Best regards
Michael

>
> Best Regards!
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
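
The point made in the reply above, as an added example that is not part of the original thread or of OpenSSL's code: when the output length is taken with sizeof on the array itself, the write is bounded to the 64-byte buffer, which guard bytes on either side confirm. The names export_stub, struct frame, touched, the label and the guard value are constructed stand-ins; the last function shows the caveat that the same sizeof expression stops yielding 64 once the array is reached through a pointer parameter.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define AUTH_KEY_LEN 64 /* size of sctpauthkey on the page */
#define GUARD 0xA5      /* constructed marker; the stub never emits it */
/* Hypothetical stand-in for an exporter-style call: the caller passes the
 * output length and exactly olen bytes are written. Not a real KDF. */
static int export_stub(unsigned char *out, size_t olen,
                       const char *label, size_t llen)
{
    if (!out || !label || !llen) return 0;
    for (size_t i = 0; i < olen; i++) /* masked to 7 bits, so never GUARD */
        out[i] = (unsigned char)((label[i % llen] ^ i) & 0x7f);
    return 1;
}

/* Guard regions around the key make any out-of-bounds write visible. */
struct frame { unsigned char before[16], key[AUTH_KEY_LEN], after[16]; };

/* Count bytes in p[0..n) that no longer hold GUARD. */
static size_t touched(const unsigned char *p, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (p[i] != GUARD);
    return c;
}

/* Pattern from the reply: sizeof on the array; (size_t)-1 if a guard changed. */
size_t fill_like_reply(void)
{
    static const char label[] = "CONSTRUCTED_LABEL"; /* constructed sample */
    struct frame f;
    memset(&f, GUARD, sizeof(f));
    if (!export_stub(f.key, sizeof(f.key), label, sizeof(label) - 1) ||
        touched(f.before, sizeof(f.before)) || touched(f.after, sizeof(f.after)))
        return (size_t)-1;
    return touched(f.key, sizeof(f.key)); /* bytes written into key */
}

/* Caveat: through a pointer parameter, sizeof measures the pointer, not 64. */
size_t sizeof_via_pointer(unsigned char *key) { return sizeof(key); }

int main(void)
{
    unsigned char key[AUTH_KEY_LEN] = {0};
    printf("%zu %zu\n", fill_like_reply(), sizeof_via_pointer(key));
    return 0;
}
```

If the buffer is ever passed into a helper, pass its length alongside it instead of recomputing it with sizeof inside the helper.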