CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2014/09/22 06:36:06
Modified files:
lib/libssl/src/ssl: s3_both.c
Log message:
It is possible (although unlikely in practice) for peer_finish_md_len to
end up with a value of zero, primarily since ssl3_take_mac() fails to check
the return value from the final_finish_mac() call. This would then mean that
an SSL finished message with a zero-byte payload would successfully match
against the calculated finish MAC.
Avoid this by checking the length of peer_finish_md_len and the SSL
finished message payload, against the known length already stored in
the SSL3_ENC_METHOD finish_mac_length field (making use of a previously
unused field).
ok miod@ (a little while back)
