[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Matt Caswell
matt at openssl.org
Tue Jan 19 15:54:07 UTC 2016
The branch OpenSSL_1_0_1-stable has been updated
via 51223748e5527db0e08049925bc2e9f430154d97 (commit)
from 4c33d583f5f691d354b58ca27d5e2108cd890a9c (commit)
- Log -----------------------------------------------------------------
commit 51223748e5527db0e08049925bc2e9f430154d97
Author: Alessandro Ghedini <alessandro at ghedini.me>
Date: Wed Jan 13 12:49:24 2016 +0000
Validate ClientHello session_id field length and send alert on failure
RT#4080
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/s2_srvr.c | 5 +++++
ssl/s3_srvr.c | 6 ++++++
ssl/ssl_sess.c | 3 ---
3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 4289272..5e2e0ac 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -598,6 +598,11 @@ static int get_client_hello(SSL *s)
s->s2->tmp.cipher_spec_length = i;
n2s(p, i);
s->s2->tmp.session_id_length = i;
+ if ((i < 0) || (i > SSL_MAX_SSL_SESSION_ID_LENGTH)) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ return -1;
+ }
n2s(p, i);
s->s2->challenge_length = i;
if ((i < SSL2_MIN_CHALLENGE_LENGTH) ||
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 4626a09..7eb7ea6 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1064,6 +1064,12 @@ int ssl3_get_client_hello(SSL *s)
goto f_err;
}
+ if ((j < 0) || (j > SSL_MAX_SSL_SESSION_ID_LENGTH)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
s->hit = 0;
/*
* Versions before 0.9.7 always allow clients to resume sessions in
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index de4c59e..48fc451 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -602,9 +602,6 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
int r;
#endif
- if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
- goto err;
-
if (session_id + len > limit) {
fatal = 1;
goto err;
More information about the openssl-commits
mailing list