diff options
author | Matt Caswell <matt@openssl.org> | 2018-01-31 09:53:51 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-02-01 10:28:49 +0000 |
commit | 848a950b715fa73070a9d1638e7630acfb0dfa4d (patch) | |
tree | e3e670a45ae47bb9aeada0bcfcdbfd6e3640955e /ssl/statem/extensions_clnt.c | |
parent | 4e525a0b4db2b11bee15a485b6ed6622ca8948f1 (diff) |
Fix some instances of the wrong alert type being sent
In a few places we sent an internal_error alert instead of a decode_error.
Fixes #5213
Fixes #5214
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5219)
Diffstat (limited to 'ssl/statem/extensions_clnt.c')
-rw-r--r-- | ssl/statem/extensions_clnt.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index dbb881223a..5441e98267 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1273,7 +1273,7 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context, int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - unsigned int ecpointformats_len; + size_t ecpointformats_len; PACKET ecptformatlist; if (!PACKET_as_length_prefixed_1(pkt, &ecptformatlist)) { @@ -1283,8 +1283,13 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, } if (!s->hit) { ecpointformats_len = PACKET_remaining(&ecptformatlist); - s->session->ext.ecpointformats_len = 0; + if (ecpointformats_len == 0) { + SSLfatal(s, SSL_AD_DECODE_ERROR, + SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, SSL_R_BAD_LENGTH); + return 0; + } + s->session->ext.ecpointformats_len = 0; OPENSSL_free(s->session->ext.ecpointformats); s->session->ext.ecpointformats = OPENSSL_malloc(ecpointformats_len); if (s->session->ext.ecpointformats == NULL) { |