author | Matt Caswell <matt@openssl.org> | 2015-09-23 12:57:34 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-09-23 13:53:27 +0100 |
commit | 373dc6e196835c06f31ff34cd188471f296126c1 (patch) | |
tree | 53abd0fdca88991b382a0d95351283943ff5a738 /ssl/d1_lib.c | |
parent | 468f043ece0e7e262ee6166ae6ec1f7683d82220 (diff) | |
download | openssl-373dc6e196835c06f31ff34cd188471f296126c1.tar.gz |
Sanity check cookie_len
Add a sanity check that the cookie_len returned by app_gen_cookie_cb is
valid.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'ssl/d1_lib.c')
-rw-r--r-- | ssl/d1_lib.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 8a8ced8abb..4bdf90a657 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -754,7 +754,8 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
 /* Generate the cookie */
 if (s->ctx->app_gen_cookie_cb == NULL ||
- s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0) {
+ s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
+ cookielen > 255) {
 SSLerr(SSL_F_DTLS1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
 /* This is fatal */
 return -1; |
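Review bot: The added `cookielen > 255` test in the `if` condition is evaluated only after `app_gen_cookie_cb` has already written into `cookie`, so it keeps an oversized length from being used later but cannot stop a callback from writing past the buffer. The visible call passes no capacity to the callback, so that limit is a contract on the application and should be stated at the check, e.g. `/* callback must write at most 255 bytes: the cookie length is sent in a single byte */`. The bare 255 would also be easier to audit as a named limit, for example `cookielen > DTLS1_COOKIE_LENGTH - 1` if that macro is what sizes `cookie` (the declaration is outside this hunk, so confirm). Reusing `SSL_R_COOKIE_GEN_CALLBACK_FAILURE` for a length violation makes the two failure causes indistinguishable in the error queue, which is worth a word in the comment. The body of `dtls1_listen` starts and ends outside the hunk.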