vendor/openssl/1.0.2l

author: Jung-uk Kim <jkim@FreeBSD.org> 2017-05-25 19:38:38 +0000
committer: Jung-uk Kim <jkim@FreeBSD.org> 2017-05-25 19:38:38 +0000
commit: 12df5ad9af4981f5d3c31a9819d31618c0f1af51 (patch)
tree: 97e3336a3054b8d8a0150b9d414934f73c99cb30 /ssl/s3_pkt.c
parent: 5315173646e65b5025be33013edc33eb9658e683 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 6ece87d0628c4..0290c991d8101 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -670,7 +670,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
      * promptly send beyond the end of the users buffer ... so we trap and
      * report the error in a way the user will notice
      */
-    if (len < tot) {
+    if ((len < tot) || ((wb->left != 0) && (len < (tot + s->s3->wpend_tot)))) {
         SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
         return (-1);
     }
@@ -699,6 +699,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
         len >= 4 * (int)(max_send_fragment = s->max_send_fragment) &&
         s->compress == NULL && s->msg_callback == NULL &&
         SSL_USE_EXPLICIT_IV(s) &&
+        s->enc_write_ctx != NULL &&
         EVP_CIPHER_flags(s->enc_write_ctx->cipher) &
         EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
         unsigned char aad[13];
author	Jung-uk Kim <jkim@FreeBSD.org>	2017-05-25 19:38:38 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2017-05-25 19:38:38 +0000
commit	12df5ad9af4981f5d3c31a9819d31618c0f1af51 (patch)
tree	97e3336a3054b8d8a0150b9d414934f73c99cb30 /ssl/s3_pkt.c
parent	5315173646e65b5025be33013edc33eb9658e683 (diff)