List:Commits« Previous MessageNext Message »
From:serg Date:January 11 2008 1:20pm
Subject:bk commit into 5.0 tree (serg:1.2490) BUG#33814
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of mysqldev. When mysqldev does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2008-01-11 13:20:03+01:00, serg@stripped +3 -0
  Bug#33814 - yassl problems

  extra/yassl/src/handshake.cpp@stripped, 2008-01-11 13:07:51+01:00, serg@stripped +5 -0
    Bug#33814 - yassl problems

  extra/yassl/src/template_instnt.cpp@stripped, 2008-01-11 13:19:24+01:00, serg@stripped +1
-0
    new template instantiation

  extra/yassl/src/yassl_imp.cpp@stripped, 2008-01-11 13:08:06+01:00, serg@stripped +10 -1
    Bug#33814 - yassl problems

diff -Nrup a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
--- a/extra/yassl/src/handshake.cpp	2007-01-25 19:34:38 +01:00
+++ b/extra/yassl/src/handshake.cpp	2008-01-11 13:07:51 +01:00
@@ -527,6 +527,11 @@ void ProcessOldClientHello(input_buffer&
     input.read(len, sizeof(len));
     uint16 randomLen;
     ato16(len, randomLen);
+    if (ch.suite_len_ > MAX_SUITE_SZ || sessionLen > ID_LEN ||
+        randomLen > RAN_LEN) {
+        ssl.SetError(bad_input);
+        return;
+    }
 
     int j = 0;
     for (uint16 i = 0; i < ch.suite_len_; i += 3) {    
diff -Nrup a/extra/yassl/src/template_instnt.cpp b/extra/yassl/src/template_instnt.cpp
--- a/extra/yassl/src/template_instnt.cpp	2006-09-27 14:27:49 +02:00
+++ b/extra/yassl/src/template_instnt.cpp	2008-01-11 13:19:24 +01:00
@@ -101,6 +101,7 @@ template void ysArrayDelete<unsigned cha
 template void ysArrayDelete<char>(char*);
 
 template int min<int>(int, int);
+template uint16 min<uint16>(uint16, uint16);
 template unsigned int min<unsigned int>(unsigned int, unsigned int);
 template unsigned long min<unsigned long>(unsigned long, unsigned long);
 }
diff -Nrup a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp
--- a/extra/yassl/src/yassl_imp.cpp	2006-11-09 21:20:56 +01:00
+++ b/extra/yassl/src/yassl_imp.cpp	2008-01-11 13:08:06 +01:00
@@ -621,6 +621,10 @@ void HandShakeHeader::Process(input_buff
     }
 
     uint len = c24to32(length_);
+    if (len > input.get_remaining()) {
+        ssl.SetError(bad_input);
+        return;
+    }
     hashHandShake(ssl, input, len);
 
     hs->set_length(len);
@@ -1391,10 +1395,15 @@ input_buffer& operator>>(input_buffer& i
     
     // Suites
     byte tmp[2];
+    uint16 len;
     tmp[0] = input[AUTO];
     tmp[1] = input[AUTO];
-    ato16(tmp, hello.suite_len_);
+    ato16(tmp, len);
+
+    hello.suite_len_ = min(len, static_cast<uint16>(MAX_SUITE_SZ));
     input.read(hello.cipher_suites_, hello.suite_len_);
+    if (len > hello.suite_len_) // ignore extra suites
+        input.set_current(input.get_current() + len -  hello.suite_len_);
 
     // Compression
     hello.comp_len_ = input[AUTO];
Thread
bk commit into 5.0 tree (serg:1.2490) BUG#33814serg11 Jan