
openssl-0.9.8e-27.el5_10.4.src.rpm

diff -up openssl-fips-0.9.8e/ssl/d1_both.c.dtls-sizechecks openssl-fips-0.9.8e/ssl/d1_both.c
--- openssl-fips-0.9.8e/ssl/d1_both.c.dtls-sizechecks	2014-08-08 11:19:09.000000000 +0200
+++ openssl-fips-0.9.8e/ssl/d1_both.c	2014-08-08 11:29:58.457106869 +0200
@@ -549,6 +549,16 @@ dtls1_retrieve_buffered_fragment(SSL *s,
 		return 0;
 	}
 
+/* dtls1_max_handshake_message_len returns the maximum number of bytes
+ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may
+ * be greater if the maximum certificate list size requires it. */
+static unsigned long dtls1_max_handshake_message_len(const SSL *s)
+	{
+	unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+	if (max_len < (unsigned long)s->max_cert_list)
+		return s->max_cert_list;
+	return max_len;
+	}
 
 static int
 dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
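Review bot: The cast `(unsigned long)s->max_cert_list` in dtls1_max_handshake_message_len would turn a zero-or-negative setting into a very large cap if the field is a signed type, as the cast suggests, which would make the new size limit ineffective. Guarding the comparison keeps the floor in place: `if (s->max_cert_list > 0 && max_len < (unsigned long)s->max_cert_list)`. The comment also says the minimum is 16KB, while the value computed is `DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH`; wording it as "the minimum is one maximum-size encrypted record plus the DTLS handshake header" would match the code. Whether callers can actually set a non-positive max_cert_list is not visible in this hunk.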
@@ -587,6 +597,9 @@ dtls1_process_out_of_seq_message(SSL *s,
 
 	if (frag_len)
 	{
+		if (frag_len > dtls1_max_handshake_message_len(s))
+			goto err;
+
 		frag = dtls1_hm_fragment_new(frag_len);
 		if ( frag == NULL)
 			goto err;
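Review bot: The new guard ahead of dtls1_hm_fragment_new() carries no comment explaining why frag_len is bounded before the allocation; I would add `/* Bound the allocation: frag_len presumably comes from the peer's fragment header. */` above the `if`. The check limits each fragment on its own, so whether the total memory held for buffered out-of-sequence messages is also bounded depends on code outside this hunk and is worth confirming. The `err` label and the rest of dtls1_process_out_of_seq_message are outside the hunk, so the cleanup and the return value on this new failure path cannot be checked here.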