mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-11-05 08:10:38 +03:00
In ssl_parse_hello_verify_request, we read 3 bytes (version and cookie length) without checking that there are that many bytes left in ssl->in_msg. This could potentially read from memory outside of the ssl->receive buffer (which would be a remotely exploitable crash).
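The missing check described in the commit message, as an added example that is not the Mbed TLS code or its fix. It goes one step further than the message and also validates the cookie length against the remaining bytes; `hvr_t`, `hvr_parse` and the error codes are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type for this example; not an Mbed TLS structure. */
typedef struct {
    uint8_t major, minor;        /* version bytes as sent on the wire */
    const unsigned char *cookie; /* points into the caller's buffer */
    size_t cookie_len;
} hvr_t;

#define HVR_OK          0
#define HVR_ERR_DECODE (-1)

/* Parse a HelloVerifyRequest body: 2-byte version, 1-byte cookie length,
 * then the cookie. `len` is the number of bytes actually received for the
 * message body, so every read is checked against it first. */
int hvr_parse(const unsigned char *body, size_t len, hvr_t *out)
{
    /* Check before reading the fixed 3-byte header (version + cookie length). */
    if (body == NULL || len < 3)
        return HVR_ERR_DECODE;
    out->major = body[0];
    out->minor = body[1];
    out->cookie_len = body[2];

    /* The cookie length comes from the peer: compare it with what is left. */
    if (len - 3 < out->cookie_len)
        return HVR_ERR_DECODE;
    out->cookie = body + 3;
    return HVR_OK;
}

int main(void)
{
    /* Constructed sample: version bytes 0xfe 0xff, 2-byte cookie. */
    const unsigned char msg[] = { 0xfe, 0xff, 0x02, 0xaa, 0xbb };
    hvr_t r;

    printf("full message: %d\n", hvr_parse(msg, sizeof msg, &r));
    printf("truncated to 2 bytes: %d\n", hvr_parse(msg, 2, &r));
    printf("cookie cut short: %d\n", hvr_parse(msg, 4, &r));
    return 0;
}
```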
121 KiB