Add heartbeat extension bounds check.

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix (CVE-2014-0160) (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
author: Dr. Stephen Henson <steve@openssl.org> 2014-04-06 00:51:06 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-04-07 19:25:34 +0100
commit: 7e840163c06c7692b796a93e3fa85a93136adbb2 (patch)
tree: 67eeb65e9cae0d16b0b12be1d54d01d4c8a32780 /ssl/t1_lib.c
parent: a4896327e3e8c692438f0a85306f207b84b767f0 (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c4f23c1022..80397b9c07 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3801,16 +3801,20 @@ tls1_process_heartbeat(SSL *s)
 	unsigned int payload;
 	unsigned int padding = 16; /* Use minimum padding */
 
-	/* Read type and payload length first */
-	hbtype = *p++;
-	n2s(p, payload);
-	pl = p;
-
 	if (s->msg_callback)
 		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
 			&s->s3->rrec.data[0], s->s3->rrec.length,
 			s, s->msg_callback_arg);
 
+	/* Read type and payload length first */
+	if (1 + 2 + 16 > s->s3->rrec.length)
+		return 0; /* silently discard */
+	hbtype = *p++;
+	n2s(p, payload);
+	if (1 + 2 + payload + 16 > s->s3->rrec.length)
+		return 0; /* silently discard per RFC 6520 sec. 4 */
+	pl = p;
+
 	if (hbtype == TLS1_HB_REQUEST)
 		{
 		unsigned char *buffer, *bp;
author	Dr. Stephen Henson <steve@openssl.org>	2014-04-06 00:51:06 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-04-07 19:25:34 +0100
commit	7e840163c06c7692b796a93e3fa85a93136adbb2 (patch)
tree	67eeb65e9cae0d16b0b12be1d54d01d4c8a32780 /ssl/t1_lib.c
parent	a4896327e3e8c692438f0a85306f207b84b767f0 (diff)