mirror of https://github.com/Mbed-TLS/mbedtls.git (synced 2025-11-20 01:02:18 +03:00)
In ssl_parse_hello_verify_request, we read 3 bytes (version and cookie length) without checking that there are that many bytes left in ssl->in_msg. This could potentially read from memory outside of the ssl->receive buffer (which would be a remotely exploitable crash).
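The length check this commit message describes, shown as an added example that is not Mbed TLS code: a stand-alone parser for a DTLS HelloVerifyRequest body (2-byte version, 1-byte cookie length, cookie) that verifies the bytes remaining before each read. `struct hvr`, `parse_hvr` and the error codes are hypothetical names, and rejecting trailing bytes is this example's own choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HVR_OK          0
#define HVR_ERR_DECODE (-1)   /* hypothetical error code for this example */

/* Hypothetical container for the parsed fields. */
struct hvr {
    uint8_t ver_major, ver_minor;
    uint8_t cookie_len;
    uint8_t cookie[255];      /* largest value a 1-byte length can express */
};

/* Parse version(2) | cookie_len(1) | cookie[cookie_len].
 * buf/len must describe only the bytes actually received for this message. */
int parse_hvr(const uint8_t *buf, size_t len, struct hvr *out)
{
    const uint8_t *p = buf;
    const uint8_t *end = buf + len;

    /* Check 1: the 3 fixed bytes must be present before they are read. */
    if ((size_t)(end - p) < 3)
        return HVR_ERR_DECODE;
    out->ver_major  = *p++;
    out->ver_minor  = *p++;
    out->cookie_len = *p++;

    /* Check 2: the peer-supplied length must fit in what remains. */
    if ((size_t)(end - p) < out->cookie_len)
        return HVR_ERR_DECODE;
    memcpy(out->cookie, p, out->cookie_len);
    p += out->cookie_len;

    /* Strictness chosen for this example: no unaccounted trailing bytes. */
    return (p == end) ? HVR_OK : HVR_ERR_DECODE;
}

int main(void)
{
    /* Constructed sample: header claims a 2-byte cookie that never arrived. */
    const uint8_t truncated[] = { 0xfe, 0xfd, 0x02 };
    struct hvr h;
    printf("truncated message -> %d\n", parse_hvr(truncated, sizeof truncated, &h));
    return 0;
}
```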
136 KiB