[openssl-dev] [openssl.org #4080] Malformed Client Hello messages are accepted (session_id length)

Alessandro Ghedini via RT rt at openssl.org
Thu Oct 8 18:14:00 UTC 2015


On Thu, Oct 08, 2015 at 05:19:06pm +0000, Alessandro Ghedini via RT wrote:
> On Thu, Oct 08, 2015 at 04:12:50pm +0000, Hubert Kario via RT wrote:
> > The server does not abort connection upon receiving a Client Hello 
> > message with malformed session_id field.
> > 
> > Affects 1.0.1, 1.0.2 and master.
> > 
> > In SSLv3 and all versions of TLS (e.g. RFC 5246), the SessionID is 
> > defined as
> > 
> >       opaque SessionID<0..32>;
> > 
> > that means, that any SessionID longer than 32 bytes creates an 
> > incorrectly formatted Client Hello message, and as such, should be 
> > rejected.
> 
> Looking at the code in master, for non-v2 ClientHello messages the code uses
> the PACKET_get_length_prefixed_1() function to extract the SessionID, however I
> see no way to pass a maximum allowed length to it. I think a new function would
> have to be added to the PACKET_* interface (I can look into this). Haven't
> checked older branches yet.

So, it turns out the check was already performed, but this failure didn't cause
the session to be aborted (the original PACKET was advanced anyway though, even
if the session_id isn't actually extracted); I don't know if this was on
purpose though.

In any case I wrote a minimal patch that makes the tlsfuzzer test pass (it may
even work for SSLv2 as well):
https://github.com/openssl/openssl/pull/437

Cheers
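The rule under discussion, as an added illustration that is not OpenSSL's code and not the patch in the pull request above: a minimal C parser for the leading fields of a ClientHello body (client_version, random, session_id) that enforces `opaque SessionID<0..32>` and aborts on violation. The `pkt_t` cursor and `pkt_get_length_prefixed_1_bounded()` are hypothetical stand-ins for the PACKET interface mentioned in the thread, with the maximum-length argument the thread says that interface lacks; on failure the helper leaves the cursor where it was, so a caller that ignores the return value cannot keep parsing from a position past the bad field. The sample hellos are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cursor over a handshake body (not OpenSSL's PACKET type). */
typedef struct {
    const uint8_t *cur;
    size_t remaining;
} pkt_t;

enum { SESSION_ID_MAX = 32 };   /* opaque SessionID<0..32>, RFC 5246 */

static int pkt_get_bytes(pkt_t *p, size_t n, const uint8_t **out)
{
    if (p->remaining < n)
        return 0;
    *out = p->cur;
    p->cur += n;
    p->remaining -= n;
    return 1;
}

/* Read a 1-byte length prefix plus that many bytes, refusing anything longer
 * than max_len or longer than what is left in the packet. On failure the
 * cursor is NOT advanced. (Hypothetical helper, not the PACKET_* API.) */
static int pkt_get_length_prefixed_1_bounded(pkt_t *p, size_t max_len,
                                             const uint8_t **out, size_t *out_len)
{
    size_t len;

    if (p->remaining < 1)
        return 0;
    len = p->cur[0];
    if (len > max_len || p->remaining - 1 < len)
        return 0;
    *out = p->cur + 1;
    *out_len = len;
    p->cur += 1 + len;
    p->remaining -= 1 + len;
    return 1;
}

/* Parse client_version, random and session_id from a ClientHello body.
 * Returns 1 if well-formed so far, 0 if the hello must be rejected. */
int parse_client_hello_prefix(const uint8_t *body, size_t body_len,
                              size_t *session_id_len)
{
    pkt_t p = { body, body_len };
    const uint8_t *ver, *rnd, *sid;
    size_t sid_len;

    if (!pkt_get_bytes(&p, 2, &ver))            /* client_version */
        return 0;
    if (!pkt_get_bytes(&p, 32, &rnd))           /* random */
        return 0;
    if (!pkt_get_length_prefixed_1_bounded(&p, SESSION_ID_MAX, &sid, &sid_len))
        return 0;                               /* malformed session_id: abort */
    (void)ver; (void)rnd;
    *session_id_len = sid_len;
    return 1;
}

/* Constructed sample: a ClientHello body with a session_id of sid_len bytes.
 * Cipher suites and later fields are omitted because the check under
 * discussion fails before them. Returns bytes written. */
size_t build_hello(uint8_t *buf, size_t buf_len, uint8_t sid_len)
{
    size_t need = 2 + 32 + 1 + sid_len;
    if (buf_len < need)
        return 0;
    buf[0] = 0x03; buf[1] = 0x03;               /* TLS 1.2 */
    memset(buf + 2, 0x41, 32);                  /* fixed random for the example */
    buf[34] = sid_len;
    memset(buf + 35, 0x42, sid_len);
    return need;
}

/* Build a hello with the given session_id length, optionally drop trailing
 * bytes, and report whether the parser accepts it. */
int hello_accepted(uint8_t sid_len, size_t truncate_by)
{
    uint8_t buf[300];
    size_t n = build_hello(buf, sizeof buf, sid_len), got = 0;
    if (n == 0 || truncate_by > n)
        return 0;
    return parse_client_hello_prefix(buf, n - truncate_by, &got) && got == sid_len;
}

/* Bytes still unread after a failed bounded read of a 33-byte session_id:
 * should equal the input length, showing the cursor did not move. */
size_t remaining_after_failed_read(void)
{
    uint8_t buf[34];
    pkt_t p = { buf, sizeof buf };
    const uint8_t *out; size_t out_len;
    buf[0] = 33;
    memset(buf + 1, 0x42, 33);
    pkt_get_length_prefixed_1_bounded(&p, SESSION_ID_MAX, &out, &out_len);
    return p.remaining;
}

int main(void)
{
    printf("session_id len 32: %s\n", hello_accepted(32, 0) ? "accepted" : "rejected");
    printf("session_id len 33: %s\n", hello_accepted(33, 0) ? "accepted" : "rejected");
    return 0;
}
```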
