История изменений

X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_lib.c;h=bcb99b819dadaebdf2c8f88d92ee9024c45f9df3;hp=a2e2475d136f33fa26958fd192b8ace158c4899d;hb=731f431497f463f3a2a97236fe0187b11c44aead;hpb=4e6c12f3088d3ee5747ec9e16d03fc671b8f40be;ds=sidebyside

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a2e2475..bcb99b8 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3969,16 +3969,20 @@ tls1_process_heartbeat(SSL *s)
 	unsigned int payload;
 	unsigned int padding = 16; /* Use minimum padding */
 
-	/* Read type and payload length first */
-	hbtype = *p++;
-	n2s(p, payload);
-	pl = p;
-
 	if (s->msg_callback)
 		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
 			&s->s3->rrec.data[0], s->s3->rrec.length,
 			s, s->msg_callback_arg);
 
+	/* Read type and payload length first */
+	if (1 + 2 + 16 > s->s3->rrec.length)
+		return 0; /* silently discard */
+	hbtype = *p++;
+	n2s(p, payload);
+	if (1 + 2 + payload + 16 > s->s3->rrec.length)
+		return 0; /* silently discard per RFC 6520 sec. 4 */
+	pl = p;
+
 	if (hbtype == TLS1_HB_REQUEST)
 		{
 		unsigned char *buffer, *bp;