diff options
| author | Matt Caswell <matt@openssl.org> | 2017-05-11 10:16:34 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-05-11 13:13:04 +0100 |
| commit | 0b367d79552401c221affa406b978a5b33d79032 (patch) | |
| tree | aeb943401c5fc096b03b759d53a19e8a8b0d06c5 | |
| parent | 3c544acc385ac39b77873c9cfa77c4ae5df956b5 (diff) | |
TLSv1.3 alerts cannot be fragmented and only one per record
We should be validating that.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3436)
| -rw-r--r-- | include/openssl/ssl.h | 1 | ||||
| -rw-r--r-- | ssl/record/rec_layer_s3.c | 14 | ||||
| -rw-r--r-- | ssl/ssl_err.c | 1 |
3 files changed, 16 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 54028f66c9..23dde11808 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2650,6 +2650,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_INAPPROPRIATE_FALLBACK 373 # define SSL_R_INCONSISTENT_COMPRESSION 340 # define SSL_R_INCONSISTENT_EXTMS 104 +# define SSL_R_INVALID_ALERT 205 # define SSL_R_INVALID_COMMAND 280 # define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 # define SSL_R_INVALID_CONFIGURATION_NAME 113 diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 8d0a97be98..de112cc806 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1422,6 +1422,20 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (SSL3_RECORD_get_length(rr) == 0) SSL3_RECORD_set_read(rr); + if (SSL_IS_TLS13(s) + && SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) { + if (*dest_len < dest_maxlen + || SSL3_RECORD_get_length(rr) != 0) { + /* + * TLSv1.3 forbids fragmented alerts, and only one alert + * may be present in a record + */ + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_INVALID_ALERT); + goto f_err; + } + } + if (*dest_len < dest_maxlen) goto start; /* fragment was too small */ } diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 06cd8521e5..42bd6aa678 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -609,6 +609,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"}, {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"}, {ERR_REASON(SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"}, + {ERR_REASON(SSL_R_INVALID_ALERT), "invalid alert"}, {ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"}, {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"}, |