Bug 934016: Handle invalid handshake packets, r=wtc
authorRyan Sleevi <ryan.sleevi@gmail.com>
Fri, 01 Nov 2013 18:53:34 -0700
changeset 10903 e79a09364b5e
parent 10902 25745a91e8ae
child 10904 0560a4f7312a
push id198
push userryan.sleevi@gmail.com
push date2013-11-02 01:53 +0000
reviewerswtc
bugs934016
Bug 934016: Handle invalid handshake packets, r=wtc
lib/ssl/ssl3con.c
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -814,16 +814,21 @@ count_cipher_suites(sslSocket *ss, int p
 /*
  * Null compression, mac and encryption functions
  */
 
 static SECStatus
 Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen,
 	    const unsigned char *input, int inputLen)
 {
+    if (inputLen > maxOutputLen) {
+        *outputLen = 0;  /* Match PK11_CipherOp in setting outputLen */
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
     *outputLen = inputLen;
     if (input != output)
 	PORT_Memcpy(output, input, inputLen);
     return SECSuccess;
 }
 
 /*
  * SSL3 Utility functions
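Review bot: The new guard in Null_Cipher checks only the upper bound, so a negative `inputLen` still passes `inputLen > maxOutputLen`, is stored in `*outputLen`, and reaches `PORT_Memcpy`, where it would presumably be converted to a very large unsigned size. Whether any caller can hand this function a negative length is not visible from this hunk, but both values are signed `int`, so rejecting it here is cheap: `if (inputLen < 0 || inputLen > maxOutputLen) {`. It would also help to add a comment above the check recording the contract, for example `/* output must have room for inputLen bytes; maxOutputLen is its capacity */`, so the null cipher is documented as enforcing the same bound as the real cipher paths.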