TSG-8791: SSL解析层调用X509_get_version返回负值，SSL访问数组越界导致SAPP重启v2.0.7

author: liuxueli <[email protected]> 2021-12-03 11:55:23 +0300
committer: liuxueli <[email protected]> 2021-12-03 11:55:23 +0300
commit: ed9c9c3042d9b0d1eeacdaf325b37fbe47762f0a (patch)
tree: d4ddacd2274b42bda127509b0684db47e0245773 /src
parent: 27f6517fd3d281589dd3ac58d3d2cc2f360bd82a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/SSL_Certificate.c b/src/SSL_Certificate.c
index aa10790..60fbae3 100644
--- a/src/SSL_Certificate.c
+++ b/src/SSL_Certificate.c
@@ -1050,7 +1050,7 @@ UCHAR  fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream,  struct
 	{
 		/*version*/
 		int ver = X509_get_version(x509_handle);
-		if(ver>CERT_VER_MAXNUM) goto cert_return;
+		if(ver>CERT_VER_MAXNUM || ver<0) goto cert_return;
 		memcpy(a_ssl_stream->stSSLCert->SSLVersion, 
 				g_astCertVersions[ver].pcString, 
 				1 + strlen((const char *)g_astCertVersions[ver].pcString));
author	liuxueli <[email protected]>	2021-12-03 11:55:23 +0300
committer	liuxueli <[email protected]>	2021-12-03 11:55:23 +0300
commit	ed9c9c3042d9b0d1eeacdaf325b37fbe47762f0a (patch)
tree	d4ddacd2274b42bda127509b0684db47e0245773 /src
parent	27f6517fd3d281589dd3ac58d3d2cc2f360bd82a (diff)