[openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

Alessandro Ghedini via RT rt at openssl.org
Thu Oct 8 17:19:06 UTC 2015


On Thu, Oct 08, 2015 at 04:12:50pm +0000, Hubert Kario via RT wrote:
> The server does not abort connection upon receiving a Client Hello 
> message with malformed session_id field.
> 
> Affects 1.0.1, 1.0.2 and master.
> 
> In SSLv3 and all versions of TLS (e.g. RFC 5246), the SessionID is 
> defined as
> 
>       opaque SessionID<0..32>;
> 
> that means, that any SessionID longer than 32 bytes creates an 
> incorrectly formatted Client Hello message, and as such, should be 
> rejected.

Looking at the code in master, for non-v2 ClientHello messages the code uses
the PACKET_get_length_prefixed_1() function to extract the SessionID, however I
see no way to pass a maximum allowed length to it. I think a new function would
have to be added to the PACKET_* interface (I can look into this). Haven't
checked older branches yet.

The problem most likely happens with SSLv2 backwards compatible ClientHello as
well, but that seems to be easier to fix... or maybe it's time to just drop
that compatibility code for v1.1?

Cheers
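
As an added example (not OpenSSL's code, and not the change the thread went on to adopt), the following C program shows what the missing bound looks like in practice. It parses the fixed-position start of a TLS ClientHello body, client_version(2) random(32) session_id<0..32>, through a small hypothetical cursor type pkt_t and a hypothetical helper pkt_get_length_prefixed_1_bounded() that plays the role of a bounded variant of PACKET_get_length_prefixed_1(). The ClientHello bytes it feeds in are constructed for the example, not captured traffic; messages whose 1-byte prefix exceeds 32, or promises more bytes than are present, are rejected instead of accepted.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TLS_RANDOM_LEN 32
#define TLS_MAX_SESSION_ID_LEN 32   /* opaque SessionID<0..32> */

/* Hypothetical cursor standing in for OpenSSL's PACKET; added example code,
 * not the real packet_locl.h API. */
typedef struct { const unsigned char *curr; size_t remaining; } pkt_t;

/* Consume n raw bytes; fail (without advancing) if the packet is too short. */
static int pkt_get_bytes(pkt_t *p, const unsigned char **out, size_t n)
{
    if (p->remaining < n)
        return 0;
    *out = p->curr;
    p->curr += n;
    p->remaining -= n;
    return 1;
}

/* A 1-byte length-prefixed read that also enforces an upper bound on the
 * length, the check the mail says PACKET_get_length_prefixed_1() cannot do. */
static int pkt_get_length_prefixed_1_bounded(pkt_t *p, pkt_t *sub, size_t max_len)
{
    const unsigned char *b;
    if (!pkt_get_bytes(p, &b, 1))
        return 0;
    if (b[0] > max_len)                        /* over the spec limit: malformed */
        return 0;
    if (!pkt_get_bytes(p, &sub->curr, b[0]))   /* prefix exceeds data: truncated */
        return 0;
    sub->remaining = b[0];
    return 1;
}

/* Parse the fixed-position start of a ClientHello body (RFC 5246 7.4.1.2):
 * client_version(2) random(32) session_id<0..32>.  Returns 1 and copies the
 * session_id into sid, or 0 if the message is malformed or truncated. */
static int parse_client_hello_session_id(const unsigned char *body, size_t body_len,
                                         unsigned char sid[TLS_MAX_SESSION_ID_LEN],
                                         size_t *sid_len)
{
    pkt_t pkt = { body, body_len }, sess;
    const unsigned char *skip;

    if (!pkt_get_bytes(&pkt, &skip, 2 + TLS_RANDOM_LEN))   /* version + random */
        return 0;
    if (!pkt_get_length_prefixed_1_bounded(&pkt, &sess, TLS_MAX_SESSION_ID_LEN))
        return 0;
    memcpy(sid, sess.curr, sess.remaining);   /* in bounds only because of the check */
    *sid_len = sess.remaining;
    return 1;
}

/* Constructed input: a ClientHello prefix whose session_id is sid_len bytes
 * (0..255, all a 1-byte prefix can express).  Returns bytes written, 0 on error. */
static size_t build_client_hello_prefix(unsigned char *out, size_t cap, size_t sid_len)
{
    size_t need = 2 + TLS_RANDOM_LEN + 1 + sid_len;
    if (sid_len > 255 || need > cap)
        return 0;
    out[0] = 0x03; out[1] = 0x03;                  /* client_version TLS 1.2 */
    memset(out + 2, 0xAB, TLS_RANDOM_LEN);         /* placeholder random */
    out[2 + TLS_RANDOM_LEN] = (unsigned char)sid_len;
    memset(out + 3 + TLS_RANDOM_LEN, 0x11, sid_len);
    return need;
}

/* Build a hello with a sid_len-byte session_id, optionally chop `cut` bytes
 * off the end, and report whether the parser accepts it (1) or rejects it (0). */
static int hello_accepted(size_t sid_len, size_t cut)
{
    unsigned char msg[2 + TLS_RANDOM_LEN + 1 + 255];
    unsigned char sid[TLS_MAX_SESSION_ID_LEN];
    size_t got = 0;
    size_t n = build_client_hello_prefix(msg, sizeof msg, sid_len);
    if (n == 0 || cut > n)
        return 0;
    return parse_client_hello_session_id(msg, n - cut, sid, &got);
}

int main(void)
{
    size_t lens[] = { 0, 32, 33, 255 }, i;
    for (i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("session_id length %3zu: %s\n", lens[i],
               hello_accepted(lens[i], 0) ? "accepted" : "rejected");
    printf("length 16 with 8 bytes missing: %s\n",
           hello_accepted(16, 8) ? "accepted" : "rejected");
    return 0;
}
```

The bound is passed in by the caller rather than hard-coded in the cursor, so the same helper serves any <0..N> vector in the handshake; the caller of the session_id read is also the only place that knows the destination buffer is 32 bytes, which is why the limit belongs at that call and not only in the copy.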



