Don't create an invalid CertificateRequest

We should validate that the various fields we put into the CertificateRequest are not too long. Otherwise we will construct an invalid message. Fixes #6609 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6629)
author: Matt Caswell <matt@openssl.org> 2018-07-02 14:09:03 +0100
committer: Matt Caswell <matt@openssl.org> 2018-07-03 11:24:48 +0100
commit: 434af36f9778abe274bb637396f60977fbee98d2 (patch)
tree: 86b04b83f0cfcabc8f7b3cc9687673d35cc8e1b3
parent: 2c739f72e5236a8e0c351c00047c77083dcdb77f (diff)
3 files changed, 18 insertions, 0 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 753b804d50..a8d5125f68 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2091,6 +2091,11 @@ int ssl3_send_certificate_request(SSL *s)
         if (SSL_USE_SIGALGS(s)) {
             const unsigned char *psigs;
             nl = tls12_get_psigalgs(s, 1, &psigs);
+            if (nl > SSL_MAX_2_BYTE_LEN) {
+                SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
+                       SSL_R_LENGTH_TOO_LONG);
+                goto err;
+            }
             s2n(nl, p);
             memcpy(p, psigs, nl);
             p += nl;
@@ -2107,6 +2112,11 @@ int ssl3_send_certificate_request(SSL *s)
             for (i = 0; i < sk_X509_NAME_num(sk); i++) {
                 name = sk_X509_NAME_value(sk, i);
                 j = i2d_X509_NAME(name, NULL);
+                if (j > SSL_MAX_2_BYTE_LEN) {
+                    SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
+                           SSL_R_LENGTH_TOO_LONG);
+                    goto err;
+                }
                 if (!BUF_MEM_grow_clean
                     (buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) {
                     SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
@@ -2128,6 +2138,11 @@ int ssl3_send_certificate_request(SSL *s)
                     n += j;
                     nl += j;
                 }
+                if (nl > SSL_MAX_2_BYTE_LEN) {
+                    SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
+                           SSL_R_LENGTH_TOO_LONG);
+                    goto err;
+                }
             }
         }
         /* else no CA names */
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 30a94716ae..7efb8c74d6 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2954,6 +2954,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_KRB5_S_TKT_NYV                             294
 # define SSL_R_KRB5_S_TKT_SKEW                            295
 # define SSL_R_LENGTH_MISMATCH                            159
+# define SSL_R_LENGTH_TOO_LONG                            404
 # define SSL_R_LENGTH_TOO_SHORT                           160
 # define SSL_R_LIBRARY_BUG                                274
 # define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index aeffc00634..11115e32ad 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -259,6 +259,8 @@
                           c[1]=(unsigned char)(((l)>> 8)&0xff), \
                           c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
 
+# define SSL_MAX_2_BYTE_LEN     (0xffff)
+
 /* LOCAL STUFF */
 
 # define SSL_DECRYPT     0
author	Matt Caswell <matt@openssl.org>	2018-07-02 14:09:03 +0100
committer	Matt Caswell <matt@openssl.org>	2018-07-03 11:24:48 +0100
commit	434af36f9778abe274bb637396f60977fbee98d2 (patch)
tree	86b04b83f0cfcabc8f7b3cc9687673d35cc8e1b3
parent	2c739f72e5236a8e0c351c00047c77083dcdb77f (diff)