From: Date: January 11 2008 12:34pm Subject: bk commit into 5.1 tree (serg:1.2504) BUG#33814 List-Archive: http://lists.mysql.com/commits/40904 X-Bug: 33814 Message-Id: <20080111113419.7561.qmail@janus.mylan> Below is the list of changes that have just been committed into a local 5.1 repository of serg. When serg does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet@stripped, 2008-01-11 12:34:12+01:00, serg@stripped +4 -0 Bug#33814 - yassl problems BitKeeper/etc/ignore@stripped, 2008-01-11 12:34:07+01:00, serg@stripped +1 -0 Added libmysqld/sql_profile.cc to the ignore list extra/yassl/src/handshake.cpp@stripped, 2008-01-11 12:34:07+01:00, serg@stripped +5 -0 Bug#33814 - yassl problems extra/yassl/src/template_instnt.cpp@stripped, 2008-01-11 12:34:07+01:00, serg@stripped +3 -2 new template instantiation extra/yassl/src/yassl_imp.cpp@stripped, 2008-01-11 12:34:07+01:00, serg@stripped +10 -1 Bug#33814 - yassl problems
diff -Nrup a/BitKeeper/etc/ignore b/BitKeeper/etc/ignore
--- a/BitKeeper/etc/ignore 2007-12-13 12:49:43 +01:00
+++ b/BitKeeper/etc/ignore 2008-01-11 12:34:07 +01:00
@@ -3012,3 +3012,4 @@ win/vs8cache.txt
 ylwrap
 zlib/*.ds?
 zlib/*.vcproj
+libmysqld/sql_profile.cc
diff -Nrup a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
--- a/extra/yassl/src/handshake.cpp 2007-08-28 09:57:52 +02:00
+++ b/extra/yassl/src/handshake.cpp 2008-01-11 12:34:07 +01:00
@@ -527,6 +527,11 @@ void ProcessOldClientHello(input_buffer&
 input.read(len, sizeof(len));
 uint16 randomLen;
 ato16(len, randomLen);
+ if (ch.suite_len_ > MAX_SUITE_SZ || sessionLen > ID_LEN ||
+ randomLen > RAN_LEN) {
+ ssl.SetError(bad_input);
+ return;
+ }
 int j = 0;
 for (uint16 i = 0; i < ch.suite_len_; i += 3) {
diff -Nrup a/extra/yassl/src/template_instnt.cpp b/extra/yassl/src/template_instnt.cpp
--- a/extra/yassl/src/template_instnt.cpp 2007-01-29 17:54:36 +01:00
+++ b/extra/yassl/src/template_instnt.cpp 2008-01-11 12:34:07 +01:00
@@ -101,8 +101,9 @@ template void ysArrayDelete(char*);
 template int min(int, int);
-template unsigned int min(unsigned int, unsigned int);
-template unsigned long min(unsigned long, unsigned long);
+template uint16 min(uint16, uint16);
+template uint min(uint, uint);
+template size_t min(size_t, size_t);
 }
 #endif // HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
diff -Nrup a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp
--- a/extra/yassl/src/yassl_imp.cpp 2007-01-29 17:54:36 +01:00
+++ b/extra/yassl/src/yassl_imp.cpp 2008-01-11 12:34:07 +01:00
@@ -621,6 +621,10 @@ void HandShakeHeader::Process(input_buff
 }
 uint len = c24to32(length_);
+ if (len > input.get_remaining()) {
+ ssl.SetError(bad_input);
+ return;
+ }
 hashHandShake(ssl, input, len);
 hs->set_length(len);
@@ -1391,10 +1395,15 @@ input_buffer& operator>>(input_buffer& i
 // Suites
 byte tmp[2];
+ uint16 len;
 tmp[0] = input[AUTO];
 tmp[1] = input[AUTO];
- ato16(tmp, hello.suite_len_);
+ ato16(tmp, len);
+
+ hello.suite_len_ = min(len, static_cast(MAX_SUITE_SZ));
 input.read(hello.cipher_suites_, hello.suite_len_);
+ if (len > hello.suite_len_) // ignore extra suites
+ input.set_current(input.get_current() + len - hello.suite_len_);
 // Compression
 hello.comp_len_ = input[AUTO];
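Review bot: In the handshake.cpp hunk, the new guard in ProcessOldClientHello bounds `ch.suite_len_`, `sessionLen` and `randomLen` by the destination sizes only; nothing visible compares their sum with the bytes actually left in `input`, so a short record could still be over-read by the loop that follows unless input_buffer enforces bounds itself. Consider extending the condition with `|| uint(ch.suite_len_) + sessionLen + randomLen > input.get_remaining()`, matching the check this commit adds in HandShakeHeader::Process. The loop advances with `i += 3`, so a `suite_len_` that is not a multiple of 3 probably deserves the same rejection (`ch.suite_len_ % 3 != 0`), though the loop body is outside the hunk. A one-line comment naming the buffer each limit protects would also help the next reader; the function starts and ends outside the hunk.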
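Review bot: In HandShakeHeader::Process (first yassl_imp.cpp hunk) the new `len > input.get_remaining()` test carries no comment explaining why it must sit before `hashHandShake`, and the reason is not obvious from the code: `len` is decoded from the message's own 24-bit length field and is then passed to `hashHandShake` and `hs->set_length`. I would add `// length_ comes from the peer: never hash or parse more than was actually received` above the `if`. If this implementation is ever expected to accept a handshake message that spans several records, this check would reject it, which is worth confirming against the record-layer code outside the hunk. The function starts and ends outside the hunk.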
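Review bot: In the ClientHello `operator>>` hunk of yassl_imp.cpp, the skip `input.set_current(input.get_current() + len - hello.suite_len_)` moves the cursor by a peer-supplied amount without comparing it with `input.get_remaining()`, so a `len` larger than the record leaves the cursor past the end for the `input[AUTO]` read of `comp_len_` that follows (unless input_buffer enforces bounds itself, which is not visible here). Clamping the skip would close that: `uint extra = len - hello.suite_len_;` `if (extra > input.get_remaining()) extra = input.get_remaining();` `input.set_current(input.get_current() + extra);`. The preceding `input.read(hello.cipher_suites_, hello.suite_len_)` has the same gap for a truncated message. No `ssl` handle appears in this hunk for reporting `bad_input`, so the clamp above fails quietly; the operator's body starts and ends outside the hunk.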