More correctly handle a selected_len of 0 when processing NPN

In the case where the NPN callback returns with SSL_TLEXT_ERR_OK, but the selected_len is 0 we should fail. Previously this would fail with an internal_error alert because calling OPENSSL_malloc(selected_len) will return NULL when selected_len is 0. We make this error detection more explicit and return a handshake failure alert. Follow on from CVE-2024-5535 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24718)
author: Matt Caswell <matt@openssl.org> 2024-05-31 11:18:27 +0100
committer: Matt Caswell <matt@openssl.org> 2024-06-27 10:37:54 +0100
commit: 4279c89a726025c758db3dafb263b17e52211304 (patch)
tree: 088d64aa0ba92f5ea077bad75f86ee7551668be6 /ssl/statem/extensions_clnt.c
parent: 4ada436a1946cbb24db5ab4ca082b69c1bc10f37 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 842be0722b..a07dc62e9a 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1536,7 +1536,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                                   PACKET_data(pkt),
                                   PACKET_remaining(pkt),
                                   s->ctx->ext.npn_select_cb_arg) !=
-             SSL_TLSEXT_ERR_OK) {
+                                  SSL_TLSEXT_ERR_OK
+            || selected_len == 0) {
         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION);
         return 0;
     }
author	Matt Caswell <matt@openssl.org>	2024-05-31 11:18:27 +0100
committer	Matt Caswell <matt@openssl.org>	2024-06-27 10:37:54 +0100
commit	4279c89a726025c758db3dafb263b17e52211304 (patch)
tree	088d64aa0ba92f5ea077bad75f86ee7551668be6 /ssl/statem/extensions_clnt.c
parent	4ada436a1946cbb24db5ab4ca082b69c1bc10f37 (diff)