[openssl-dev] [openssl.org #4069] Malformed Client Hello messages are accepted (custom message padding and length)

Hubert Kario via RT rt at openssl.org
Fri Oct 2 12:38:40 UTC 2015


On Friday 02 October 2015 11:51:10 Alessandro Ghedini via RT wrote:
> On Fri, Oct 02, 2015 at 11:26:36am +0000, Hubert Kario via RT wrote:
> > Current git checkout of 1.0.1, 1.0.2 and master accept malformed
> > Client Hello messages.
> > 
> > If the client sends a Client Hello message with extensions.length
> > field equal to 0, but padded with bytes
> > FF01 0001 00
> > then the Server Hello will contain the renegotiation_info extension.
> 
> Yup, ssl_scan_clienthello_tlsext() extracts the length but then it
> doesn't do anything with it.
> 
> I wrote a patch [0] that fixes this specific problem in master, but
> the tlsfuzzer script has a bunch of other failures. Incidentally,
> with my patch applied, the tlsfuzzer test takes a lot less time (like
> it's seconds faster), not quite sure if that's good or bad...

Yes, all of the tests combined should finish in under 500ms on anything
resembling a modern PC.

Any kind of "timed out" from tlsfuzzer means that the other side was
expecting more data where it shouldn't have.

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
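A minimal model of the two parsing behaviours discussed in this thread, added here as an illustration (it is not OpenSSL's code nor Alessandro's patch, and the function names are made up): a lenient parser that reads extensions.length and then ignores it, next to a strict one that honours the length and rejects trailing bytes. The sample block is the FF01 0001 00 sequence from the report, preceded by a two-byte extensions.length of zero as the report describes.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type defined in RFC 5746


def _parse_extension_list(data):
    """Walk a TLS extension list: 2-byte type, 2-byte length, body, repeated."""
    exts = []
    pos = 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack(">HH", data[pos:pos + 4])
        pos += 4
        if len(data) - pos < ext_len:
            raise ValueError("extension body exceeds available data")
        exts.append((ext_type, data[pos:pos + ext_len]))
        pos += ext_len
    return exts


def parse_extensions_lenient(block):
    """Behaviour reported in the thread: extensions.length is extracted
    but never used, so every byte after it is scanned as extensions."""
    if len(block) < 2:
        raise ValueError("missing extensions length")
    _declared = struct.unpack(">H", block[:2])[0]  # read, then ignored
    return _parse_extension_list(block[2:])


def parse_extensions_strict(block):
    """Honour extensions.length: the bytes that follow must match it exactly."""
    if len(block) < 2:
        raise ValueError("missing extensions length")
    declared = struct.unpack(">H", block[:2])[0]
    body = block[2:]
    if len(body) != declared:
        raise ValueError(f"extensions.length is {declared}, {len(body)} bytes follow")
    return _parse_extension_list(body)


# Constructed samples. MALFORMED: length 0, then the five bytes from the report
# (renegotiation_info with a one-byte, empty renegotiated_connection field).
MALFORMED_BLOCK = bytes.fromhex("0000" "ff01" "0001" "00")
# WELLFORMED: the same extension with a correct length of 5.
WELLFORMED_BLOCK = bytes.fromhex("0005" "ff01" "0001" "00")


def offers_renegotiation_info(parser, block):
    """True if the given parser would report a renegotiation_info extension."""
    try:
        return any(t == RENEGOTIATION_INFO for t, _ in parser(block))
    except ValueError:
        return False
```

With the lenient parser the malformed block yields renegotiation_info, which is why the Server Hello in the report carried the extension; the strict parser rejects the same bytes.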