diff options
author | Rich Salz <rsalz@openssl.org> | 2017-06-08 09:26:20 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-06-08 09:26:20 -0400 |
commit | 3dce109905deb869ec395eeaafdcfae08292a04c (patch) | |
tree | b46ceb254d8ac3f9da7bb287e829540de40c3e8a | |
parent | 1c036c6443af3d0d912f074b0a2c4055c804115c (diff) | |
download | openssl-3dce109905deb869ec395eeaafdcfae08292a04c.tar.gz |
Fix possible memory over-read in apps/s_client.c
a buffer returned from BIO_gets is not checked for it's length before
reading its contents.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3630)
-rw-r--r-- | apps/s_client.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 9ec7217376..84dad97a04 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2172,6 +2172,15 @@ int s_client_main(int argc, char **argv) * HTTP/d.d ddd Reason text\r\n */ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + if (mbuf_len < (int)strlen("HTTP/1.0 200")) { + BIO_printf(bio_err, + "%s: HTTP CONNECT failed, insufficient response " + "from proxy (got %d octets)\n", prog, mbuf_len); + (void)BIO_flush(fbio); + BIO_pop(fbio); + BIO_free(fbio); + goto shut; + } if (mbuf[8] != ' ') { BIO_printf(bio_err, "%s: HTTP CONNECT failed, incorrect response " |