diff options
author | Alessandro Ghedini <alessandro@ghedini.me> | 2015-10-08 19:56:03 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-01-19 15:53:23 +0000 |
commit | 293b5ca47767005e0341b450eef82633f48359f3 (patch) | |
tree | aa280d8d9e3af25059d17ec73848cd1c243594e2 /ssl/statem | |
parent | aa291c62a7c227d94073c8cd4ce81aa6950d72d7 (diff) |
Validate ClientHello session_id field length and send alert on failure
RT#4080
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_srvr.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 78f9f5c7a9..5ee0c94e17 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1082,6 +1082,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) goto f_err; } + if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + goto f_err; + } + if (!PACKET_get_sub_packet(pkt, &cipher_suites, cipher_len) || !PACKET_get_sub_packet(pkt, &session_id, session_id_len) || !PACKET_get_sub_packet(pkt, &challenge, challenge_len) @@ -1116,6 +1122,12 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) goto f_err; } + if (PACKET_remaining(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + goto f_err; + } + if (SSL_IS_DTLS(s)) { if (!PACKET_get_length_prefixed_1(pkt, &cookie)) { al = SSL_AD_DECODE_ERROR; |