diff options
author | Adam Langley <agl@google.com> | 2015-06-12 16:28:27 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-06-12 16:28:27 +0000 |
commit | 9701a2fbe20a18d08253e84e8ec39d94db5376e0 (patch) | |
tree | 26c038b10145f502cb98f5675516a7ed6bd27fdb /src/ssl/ssl_asn1.c | |
parent | 82ea518198c8ce74418c90597ccf8f444d1154ab (diff) | |
parent | 53b272a2813a0b11f107d77100ff8805ada8fbd2 (diff) | |
download | external_boringssl-9701a2fbe20a18d08253e84e8ec39d94db5376e0.zip external_boringssl-9701a2fbe20a18d08253e84e8ec39d94db5376e0.tar.gz external_boringssl-9701a2fbe20a18d08253e84e8ec39d94db5376e0.tar.bz2 |
am 53b272a2: Bump revision of BoringSSL.
* commit '53b272a2813a0b11f107d77100ff8805ada8fbd2':
Bump revision of BoringSSL.
Diffstat (limited to 'src/ssl/ssl_asn1.c')
-rw-r--r-- | src/ssl/ssl_asn1.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/ssl/ssl_asn1.c b/src/ssl/ssl_asn1.c index eb0c725..d1ac1b6 100644 --- a/src/ssl/ssl_asn1.c +++ b/src/ssl/ssl_asn1.c @@ -477,13 +477,17 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) { } if (!CBS_get_optional_asn1_bool(&session, &extended_master_secret, kExtendedMasterSecretTag, - 0 /* default to false */)) { + 0 /* default to false */) || + CBS_len(&session) != 0) { OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION); goto err; } ret->extended_master_secret = extended_master_secret; - /* Ignore |version|. The structure version number is ignored. */ + if (version != SSL_SESSION_ASN1_VERSION) { + OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION); + goto err; + } /* Only support SSLv3/TLS and DTLS. */ if ((ssl_version >> 8) != SSL3_VERSION_MAJOR && @@ -498,7 +502,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) { OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH); goto err; } - ret->cipher = ssl3_get_cipher_by_value(cipher_value); + ret->cipher = SSL_get_cipher_by_value(cipher_value); if (ret->cipher == NULL) { OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_UNSUPPORTED_CIPHER); goto err; |