Sanity check the ticket length before using key name/IV

This could in theory result in an overread - but due to the over allocation of the underlying buffer does not represent a security issue. Thanks to Fedor Indutny for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5417)
author: Matt Caswell <matt@openssl.org> 2018-02-20 10:20:20 +0000
committer: Matt Caswell <matt@openssl.org> 2018-02-21 11:26:25 +0000
commit: cb7503750efc02c64cdb7167dee692e47c44c6e9 (patch)
tree: 2737ce63dcf6ff75fee1fa3cf141cd0cd47db5e8 /ssl
parent: 773da093b1b9a63ae9c94cae756848011686caa0 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 82ad601924..a186623505 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3505,6 +3505,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
     EVP_CIPHER_CTX ctx;
     SSL_CTX *tctx = s->initial_ctx;
 
+    /* Need at least keyname + iv */
+    if (eticklen < 16 + EVP_MAX_IV_LENGTH)
+        return 2;
+
     /* Initialize session ticket encryption and HMAC contexts */
     HMAC_CTX_init(&hctx);
     EVP_CIPHER_CTX_init(&ctx);
author	Matt Caswell <matt@openssl.org>	2018-02-20 10:20:20 +0000
committer	Matt Caswell <matt@openssl.org>	2018-02-21 11:26:25 +0000
commit	cb7503750efc02c64cdb7167dee692e47c44c6e9 (patch)
tree	2737ce63dcf6ff75fee1fa3cf141cd0cd47db5e8 /ssl
parent	773da093b1b9a63ae9c94cae756848011686caa0 (diff)