[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Jan 19 15:53:43 UTC 2016
The branch master has been updated
via 293b5ca47767005e0341b450eef82633f48359f3 (commit)
from aa291c62a7c227d94073c8cd4ce81aa6950d72d7 (commit)
- Log -----------------------------------------------------------------
commit 293b5ca47767005e0341b450eef82633f48359f3
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Thu Oct 8 19:56:03 2015 +0200
Validate ClientHello session_id field length and send alert on failure
RT#4080
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_sess.c | 6 +-----
ssl/statem/statem_srvr.c | 12 ++++++++++++
2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 09d0193..3010bc4 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -529,12 +529,8 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
int fatal = 0;
int try_session_cache = 1;
int r;
- size_t len = PACKET_remaining(session_id);
- if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
- goto err;
-
- if (len == 0)
+ if (PACKET_remaining(session_id) == 0)
try_session_cache = 0;
/* sets s->tlsext_ticket_expected and extended master secret flag */
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 78f9f5c..5ee0c94 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1082,6 +1082,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
goto f_err;
}
+ if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
if (!PACKET_get_sub_packet(pkt, &cipher_suites, cipher_len)
|| !PACKET_get_sub_packet(pkt, &session_id, session_id_len)
|| !PACKET_get_sub_packet(pkt, &challenge, challenge_len)
@@ -1116,6 +1122,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
goto f_err;
}
+ if (PACKET_remaining(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
if (SSL_IS_DTLS(s)) {
if (!PACKET_get_length_prefixed_1(pkt, &cookie)) {
al = SSL_AD_DECODE_ERROR;
More information about the openssl-commits
mailing list