Safer buffer comparisons in the SSL modules
This commit is contained in:
parent
291f9af935
commit
31ff1d2e4f
4 changed files with 41 additions and 17 deletions
|
@ -628,11 +628,13 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
|
|||
}
|
||||
else
|
||||
{
|
||||
/* Check verify-data in constant-time. The length OTOH is no secret */
|
||||
if( len != 1 + ssl->verify_data_len * 2 ||
|
||||
buf[0] != ssl->verify_data_len * 2 ||
|
||||
memcmp( buf + 1, ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
|
||||
memcmp( buf + 1 + ssl->verify_data_len,
|
||||
ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
|
||||
safer_memcmp( buf + 1,
|
||||
ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
|
||||
safer_memcmp( buf + 1 + ssl->verify_data_len,
|
||||
ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) );
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue