Import patch for yassl 1.35

- Better check of required buffer size when processing incoming record headers


extra/yassl/README:
  Import patch yassl.diff
extra/yassl/src/handshake.cpp:
  Import patch yassl.diff
extra/yassl/include/openssl/engine.h:
  Import patch yassl.diff
extra/yassl/include/openssl/pkcs12.h:
  Import patch yassl.diff

extra/yassl/README

@@ -1,4 +1,14 @@
-yaSSL Release notes, version 1.3.0 (04/26/06)
+yaSSL Release notes, version 1.3.5 (06/01/06)
+
+
+    This release of yaSSL contains bug fixes, portability enhancements,
+    better libcurl support, and improved non-blocking I/O.
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0.
+
+
+********************yaSSL Release notes, version 1.3.0 (04/26/06)
 
 
     This release of yaSSL contains minor bug fixes, portability enhancements,
@@ -17,8 +27,8 @@ See normal build instructions below under 1.0.6.
     make
     make openssl-links
 
-    (then go to your libcurl home and tell libcurl about yaSSL)
-    ./configure --with-ssl=/yaSSL-HomeDir
+    (then go to your libcurl home and tell libcurl about yaSSL build dir)
+    ./configure --with-ssl=/yaSSL-BuildDir LDFLAGS=-lm
     make
 
 

extra/yassl/include/openssl/engine.h

@@ -0,0 +1,5 @@
+/* engine.h for libcurl */
+
+#undef HAVE_OPENSSL_ENGINE_H
+
+

extra/yassl/include/openssl/pkcs12.h

@@ -0,0 +1,5 @@
+/* pkcs12.h for libcurl */
+
+
+#undef HAVE_OPENSSL_PKCS12_H
+

extra/yassl/src/handshake.cpp

@@ -458,6 +458,11 @@ void ProcessOldClientHello(input_buffer& input, SSL& ssl)
 
     uint16 sz = ((b0 & 0x7f) << 8) | b1;
 
+    if (sz > input.get_remaining()) {
+        ssl.SetError(bad_input);
+        return;
+    }
+
     // hashHandShake manually
     const opaque* buffer = input.get_buffer() + input.get_current();
     ssl.useHashes().use_MD5().update(buffer, sz);
@@ -681,25 +686,38 @@ DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered)
     // old style sslv2 client hello?
     if (ssl.getSecurity().get_parms().entity_ == server_end &&
                   ssl.getStates().getServer() == clientNull) 
-        if (buffer.peek() != handshake)
+        if (buffer.peek() != handshake) {
             ProcessOldClientHello(buffer, ssl);
+            if (ssl.GetError()) {
+                buffered.reset(0);
+                return buffered;
+            }
+        }
 
     while(!buffer.eof()) {
         // each record
         RecordLayerHeader hdr;
+        bool              needHdr = false;
+
+        if (static_cast<uint>(RECORD_HEADER) > buffer.get_remaining())
+            needHdr = true;
+        else {
         buffer >> hdr;
         ssl.verifyState(hdr);
+        }
 
         // make sure we have enough input in buffer to process this record
-        if (hdr.length_ > buffer.get_remaining()) { 
-            uint sz = buffer.get_remaining() + RECORD_HEADER;
+        if (needHdr || hdr.length_ > buffer.get_remaining()) {
+            // put header in front for next time processing
+            uint extra = needHdr ? 0 : RECORD_HEADER;
+            uint sz = buffer.get_remaining() + extra;
             buffered.reset(NEW_YS input_buffer(sz, buffer.get_buffer() +
-                           buffer.get_current() - RECORD_HEADER, sz));
+                           buffer.get_current() - extra, sz));
             break;
         }
 
         while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) {
-            // each message in record
+            // each message in record, can be more than 1 if not encrypted
             if (ssl.getSecurity().get_parms().pending_ == false) // cipher on
                 decrypt_message(ssl, buffer, hdr.length_);
             mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_), ysDelete);
@@ -717,7 +735,7 @@ DoProcessReply(SSL& ssl, mySTL::auto_ptr<input_buffer> buffered)
         }
         offset += hdr.length_ + RECORD_HEADER;
     }
-    return buffered;  // done, don't call again
+    return buffered;
 }