[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri May 20 13:21:49 UTC 2016
The branch master has been updated
via 1257adecd4afba978806b77bd5d45f32715d97d3 (commit)
from 464175692f1f00a9e5a87f040d0c59184d63b53b (commit)
- Log -----------------------------------------------------------------
commit 1257adecd4afba978806b77bd5d45f32715d97d3
Author: David Benjamin <davidben at google.com>
Date: Sat Mar 5 22:50:44 2016 -0500
Tighten up logic around ChangeCipherSpec.
ChangeCipherSpec messages have a defined value. They also may not occur
in the middle of a handshake message. The current logic will accept a
ChangeCipherSpec with value 2. It also would accept up to three bytes of
handshake data before the ChangeCipherSpec which it would discard
(because s->init_num gets reset).
Instead, require that s->init_num is 0 when a ChangeCipherSpec comes in.
RT#4391
Reviewed-by: Andy Polyakov <appro at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_lib.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 6ceb9ec..eb3e591 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -354,6 +354,16 @@ int tls_get_message_header(SSL *s, int *mt)
return 0;
}
if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ /*
+ * A ChangeCipherSpec must be a single byte and may not occur
+ * in the middle of a handshake message.
+ */
+ if (s->init_num != 0 || i != 1 || p[0] != SSL3_MT_CCS) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_TLS_GET_MESSAGE_HEADER,
+ SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ goto f_err;
+ }
s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
s->init_num = i - 1;
s->s3->tmp.message_size = i;
More information about the openssl-commits
mailing list