Check SRP parameters early. Check SRP parameters when they are received so we can send back an appropriate alert. Reviewed-by: Kurt Roeckx <kurt@openssl.org>

commit: 0989790b87efcfd40ae6770f11af28a005df28ac [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Sun Aug 03 21:25:22 2014 +0100
committer: Matt Caswell <matt@openssl.org> Wed Aug 06 20:36:41 2014 +0100
tree: 0954874c9e1dc6b4360288ac37842e689073fe10
parent: 4a23b12a031860253b58d503f296377ca076427b [diff] [blame]
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 0a006a7..09fe64e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c

@@ -1570,6 +1570,12 @@
 		p+=i;
 		n-=param_len;
 
+		if (!srp_verify_server_param(s, &al))
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS);
+			goto f_err;
+			}
+
 /* We must check if there is a certificate */
 #ifndef OPENSSL_NO_RSA
 		if (alg_a & SSL_aRSA)
commit	0989790b87efcfd40ae6770f11af28a005df28ac	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Sun Aug 03 21:25:22 2014 +0100
committer	Matt Caswell <matt@openssl.org>	Wed Aug 06 20:36:41 2014 +0100
tree	0954874c9e1dc6b4360288ac37842e689073fe10
parent	4a23b12a031860253b58d503f296377ca076427b [diff] [blame]