summaryrefslogtreecommitdiffstats
path: root/src/ssl/ssl_asn1.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/ssl/ssl_asn1.c')
-rw-r--r--src/ssl/ssl_asn1.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/ssl/ssl_asn1.c b/src/ssl/ssl_asn1.c
index eb0c725..d1ac1b6 100644
--- a/src/ssl/ssl_asn1.c
+++ b/src/ssl/ssl_asn1.c
@@ -477,13 +477,17 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {
}
if (!CBS_get_optional_asn1_bool(&session, &extended_master_secret,
kExtendedMasterSecretTag,
- 0 /* default to false */)) {
+ 0 /* default to false */) ||
+ CBS_len(&session) != 0) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
goto err;
}
ret->extended_master_secret = extended_master_secret;
- /* Ignore |version|. The structure version number is ignored. */
+ if (version != SSL_SESSION_ASN1_VERSION) {
+ OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
+ goto err;
+ }
/* Only support SSLv3/TLS and DTLS. */
if ((ssl_version >> 8) != SSL3_VERSION_MAJOR &&
@@ -498,7 +502,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH);
goto err;
}
- ret->cipher = ssl3_get_cipher_by_value(cipher_value);
+ ret->cipher = SSL_get_cipher_by_value(cipher_value);
if (ret->cipher == NULL) {
OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_UNSUPPORTED_CIPHER);
goto err;
generated by cgit v1.1 at 2024-12-22 16:32:17 +0000