Avoid an overflow in constructing the ServerKeyExchange message

We calculate the size required for the ServerKeyExchange message and then call BUF_MEM_grow_clean() on the buffer. However we fail to take account of 2 bytes required for the signature algorithm and 2 bytes for the signature length, i.e. we could overflow by 4 bytes. In reality this won't happen because the buffer is pre-allocated to a large size that means it should be big enough anyway. Addresses an OCAP Audit issue. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-07-01 11:58:05 +0100
committer: Matt Caswell <matt@openssl.org> 2016-07-01 19:23:29 +0100
commit: 1e16987fc18cce9420dd3b76326b8d25746fa258 (patch)
tree: 6f75e4d53d4e9fab2c5dce50b21998db6e77f398 /ssl
parent: 43cb309053ed3518bdd75dbf05ee96485ea57742 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index a88b3219ad..773591cd38 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1792,6 +1792,11 @@ int tls_construct_server_key_exchange(SSL *s)
             goto f_err;
         }
         kn = EVP_PKEY_size(pkey);
+        /* Allow space for signature algorithm */
+        if (SSL_USE_SIGALGS(s))
+            kn += 2;
+        /* Allow space for signature length */
+        kn += 2;
     } else {
         pkey = NULL;
         kn = 0;
author	Matt Caswell <matt@openssl.org>	2016-07-01 11:58:05 +0100
committer	Matt Caswell <matt@openssl.org>	2016-07-01 19:23:29 +0100
commit	1e16987fc18cce9420dd3b76326b8d25746fa258 (patch)
tree	6f75e4d53d4e9fab2c5dce50b21998db6e77f398 /ssl
parent	43cb309053ed3518bdd75dbf05ee96485ea57742 (diff)