[openssl-dev] [openssl.org #4069] Malformed Client Hello messages are accepted (custom message padding and length)
Alessandro Ghedini via RT
rt at openssl.org
Fri Oct 2 11:51:10 UTC 2015
On Fri, Oct 02, 2015 at 11:26:36am +0000, Hubert Kario via RT wrote:
> Current git checkout of 1.0.1, 1.0.2 and master accept malformed Client
> Hello messages.
>
> If the client sends a Client Hello message with extensions.length field
> equal to 0, but padded with bytes
> FF01 0001 00
> then the Server Hello will contain the renegotiation_info extension.
Yup, ssl_scan_clienthello_tlsext() extracts the length but then it doesn't do
anything with it.
I wrote a patch [0] that fixes this specific problem in master, but the
tlsfuzzer script has a bunch of other failures. Incidentally, with my patch
applied, the tlsfuzzer test takes a lot less time (like it's seconds faster),
not quite sure if that's good or bad...
Cheers
[0] https://github.com/openssl/openssl/pull/421
More information about the openssl-dev
mailing list