Import s2_pkt.c wbuf fixes from OpenSSL_0_9_6-stable branch.

2025-04-30 19:54:39 +00:00 · 2000-12-18 11:35:32 +00:00 · 2000-12-18 11:35:32 +00:00 · 3880cd35ad
commit 3880cd35ad
parent cb38052b3a
4 changed files with 36 additions and 8 deletions
--- a/5
+++ b/5
@ -3,6 +3,11 @@
 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
     when writing a 32767 byte record.
     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
     obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX
     structures and setting rsa->_method_mod_{n,p,q}.
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@ -273,10 +273,16 @@ int ssl2_new(SSL *s)
 	if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
 	memset(s2,0,sizeof *s2);
 #if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
 #  error "assertion failed"
 #endif
 	if ((s2->rbuf=OPENSSL_malloc(
 		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
 	/* wbuf needs one byte more because when using two-byte headers,
 	 * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
 	if ((s2->wbuf=OPENSSL_malloc(
-		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
+		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
 	s->s2=s2;
 	ssl2_clear(s);
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@ -541,6 +541,9 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 		{
 		bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
 		j=len+mac_size;
 		/* Two-byte headers allow for a larger record length than
 		 * three-byte headers, but we can't use them if we need
 		 * padding or if we have to set the escape bit. */
 		if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
 			(!s->s2->escape))
 			{
@ -556,25 +559,39 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 			}
 		else if ((bs <= 1) && (!s->s2->escape))
 			{
-			/* len=len; */
+			/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
 			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
 			s->s2->three_byte_header=0;
 			p=0;
 			}
-		else /* 3 byte header */
+		else /* we may have to use a 3 byte header */
 			{
-			/*len=len; */
+			/* If s->s2->escape is not set, then
 			 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
 			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
 			p=(j%bs);
 			p=(p == 0)?0:(bs-p);
 			if (s->s2->escape)
 				{
 				s->s2->three_byte_header=1;
 				if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
 					j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
 				}
 			else
 				s->s2->three_byte_header=(p == 0)?0:1;
 			}
 		}
 	/* Now
 	 *      j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
 	 * holds, and if s->s2->three_byte_header is set, then even
 	 *      j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
 	 */
 	/* mac_size is the number of MAC bytes
 	 * len is the number of data bytes we are going to send
 	 * p is the number of padding bytes
-	 * if p == 0, it is a 2 byte header */
+	 * (if it is a two-byte header, then p == 0) */
 	s->s2->wlength=len;
 	s->s2->padding=p;
--- a/ssl/ssl2.h
+++ b/ssl/ssl2.h
@ -134,11 +134,11 @@ extern "C" {
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS	256
 #ifdef MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	(unsigned int)29998
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	29998u
 #else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	(unsigned int)32767 
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	32767u  /* 2^15-1 */
 #endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /**/
+#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /* 2^14-1 */
 #define SSL2_CHALLENGE_LENGTH	16
 /*#define SSL2_CHALLENGE_LENGTH	32 */