feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Output buffer size check when sending transmit pool.

Browse Source 
1. Added a call to CheckAvailableSize() when sending the DTLS transmit pool.
2. Rename CheckAvailableSize().
This commit is contained in:
John Safranek
2013-05-13 12:32:47 -07:00
parent 9905787f4a
commit ac716c96d3
3 changed files with 37 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cyassl/internal.h
View File

@@ -1862,7 +1862,7 @@ CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
const byte* sender); const byte* sender);
CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep); CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);
CYASSL_LOCAL int CheckAvalaibleSize(CYASSL *ssl, int size); CYASSL_LOCAL int CheckAvailableSize(CYASSL *ssl, int size);
CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength); CYASSL_LOCAL int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
#ifndef NO_TLS #ifndef NO_TLS

66
src/internal.c
View File

@@ -1821,6 +1821,7 @@ int DtlsPoolTimeout(CYASSL* ssl)
int DtlsPoolSend(CYASSL* ssl) int DtlsPoolSend(CYASSL* ssl)
{ {
int ret;
DtlsPool *pool = ssl->dtls_pool; DtlsPool *pool = ssl->dtls_pool;
if (pool != NULL && pool->used > 0) { if (pool != NULL && pool->used > 0) {
@@ -1837,6 +1838,9 @@ int DtlsPoolSend(CYASSL* ssl)
c16toa(ssl->keys.dtls_epoch, dtls->epoch); c16toa(ssl->keys.dtls_epoch, dtls->epoch);
c32to48(ssl->keys.dtls_sequence_number++, dtls->sequence_number); c32to48(ssl->keys.dtls_sequence_number++, dtls->sequence_number);
if ((ret = CheckAvailableSize(ssl, buf->length)) != 0)
return ret;
XMEMCPY(ssl->buffers.outputBuffer.buffer, buf->buffer, buf->length); XMEMCPY(ssl->buffers.outputBuffer.buffer, buf->buffer, buf->length);
ssl->buffers.outputBuffer.idx = 0; ssl->buffers.outputBuffer.idx = 0;
ssl->buffers.outputBuffer.length = buf->length; ssl->buffers.outputBuffer.length = buf->length;
@@ -2515,8 +2519,8 @@ int GrowInputBuffer(CYASSL* ssl, int size, int usedLength)
} }
/* check avalaible size into output buffer, make room if needed */ /* check available size into output buffer, make room if needed */
int CheckAvalaibleSize(CYASSL *ssl, int size) int CheckAvailableSize(CYASSL *ssl, int size)
{ {
if (ssl->buffers.outputBuffer.bufferSize - ssl->buffers.outputBuffer.length if (ssl->buffers.outputBuffer.bufferSize - ssl->buffers.outputBuffer.length
< (word32)size) { < (word32)size) {
@@ -4726,7 +4730,7 @@ int SendChangeCipher(CYASSL* ssl)
#endif #endif
/* check for avalaible size */ /* check for avalaible size */
if ((ret = CheckAvalaibleSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */
@@ -5011,8 +5015,8 @@ int SendFinished(CYASSL* ssl)
} }
#endif #endif
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, sizeof(input) + MAX_MSG_EXTRA)) != 0) if ((ret = CheckAvailableSize(ssl, sizeof(input) + MAX_MSG_EXTRA)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */
@@ -5100,8 +5104,8 @@ int SendCertificate(CYASSL* ssl)
} }
#endif #endif
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */
@@ -5177,8 +5181,8 @@ int SendCertificateRequest(CYASSL* ssl)
i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
} }
#endif #endif
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */
@@ -5279,8 +5283,8 @@ int SendData(CYASSL* ssl, const void* data, int sz)
} }
#endif #endif
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, len + COMP_EXTRA + if ((ret = CheckAvailableSize(ssl, len + COMP_EXTRA +
MAX_MSG_EXTRA)) != 0) MAX_MSG_EXTRA)) != 0)
return ssl->error = ret; return ssl->error = ret;
@@ -5401,8 +5405,8 @@ int SendAlert(CYASSL* ssl, int severity, int type)
dtlsExtra = DTLS_RECORD_EXTRA; dtlsExtra = DTLS_RECORD_EXTRA;
#endif #endif
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, if ((ret = CheckAvailableSize(ssl,
ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra)) != 0) ALERT_SIZE + MAX_MSG_EXTRA + dtlsExtra)) != 0)
return ret; return ret;
@@ -6707,8 +6711,8 @@ int SetCipherList(Suites* s, const char* list)
} }
#endif #endif
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */
@@ -7488,8 +7492,8 @@ int SetCipherList(Suites* s, const char* list)
} }
#endif #endif
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */
@@ -7562,8 +7566,8 @@ int SetCipherList(Suites* s, const char* list)
if (ssl->options.sendVerify == SEND_BLANK_CERT) if (ssl->options.sendVerify == SEND_BLANK_CERT)
return 0; /* sent blank cert, can't verify */ return 0; /* sent blank cert, can't verify */
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, MAX_CERT_VERIFY_SZ)) != 0) if ((ret = CheckAvailableSize(ssl, MAX_CERT_VERIFY_SZ)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */
@@ -7779,8 +7783,8 @@ int SetCipherList(Suites* s, const char* list)
+ SUITE_LEN + SUITE_LEN
+ ENUM_LEN; + ENUM_LEN;
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, MAX_HELLO_SZ)) != 0) if ((ret = CheckAvailableSize(ssl, MAX_HELLO_SZ)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */
@@ -7915,8 +7919,8 @@ int SetCipherList(Suites* s, const char* list)
idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
} }
#endif #endif
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */
@@ -8035,8 +8039,8 @@ int SetCipherList(Suites* s, const char* list)
preSigIdx = idx; preSigIdx = idx;
} }
#endif #endif
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, sendSz)) != 0) { if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
#ifndef NO_RSA #ifndef NO_RSA
FreeRsaKey(&rsaKey); FreeRsaKey(&rsaKey);
#endif #endif
@@ -8307,8 +8311,8 @@ int SetCipherList(Suites* s, const char* list)
preSigIdx = idx; preSigIdx = idx;
} }
#endif #endif
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, sendSz)) != 0) { if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
FreeRsaKey(&rsaKey); FreeRsaKey(&rsaKey);
return ret; return ret;
} }
@@ -9539,8 +9543,8 @@ int SetCipherList(Suites* s, const char* list)
if (ssl->options.dtls) if (ssl->options.dtls)
sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
#endif #endif
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */
@@ -9580,8 +9584,8 @@ int SetCipherList(Suites* s, const char* list)
int sendSz = length + idx; int sendSz = length + idx;
int ret; int ret;
/* check for avalaible size */ /* check for available size */
if ((ret = CheckAvalaibleSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret; return ret;
/* get ouput buffer */ /* get ouput buffer */

2
src/sniffer.c
View File

@@ -2331,7 +2331,7 @@ doMessage:
/* decrypt if needed */ /* decrypt if needed */
if ((session->flags.side == SERVER_END && session->flags.serverCipherOn) if ((session->flags.side == SERVER_END && session->flags.serverCipherOn)
|| (session->flags.side == CLIENT_END && session->flags.clientCipherOn)) { || (session->flags.side == CLIENT_END && session->flags.clientCipherOn)) {
if (CheckAvalaibleSize(ssl, rhSize) < 0) { if (CheckAvailableSize(ssl, rhSize) < 0) {
SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
return -1; return -1;
} }